小贝子编程

Spring mvc 安全和 WEB-INF js,图像访问 - 拒绝从'http://localhost:8081/xyz/static/internal/js/jquery-1.10.2.min



需要以下帮助。

我正在使用Spring 4.1与Spring Security 3.2.7和注释。

我的JS,CSS,图像没有加载..我正在遇到此错误。

带有安全性和Web-Inf JS和images访问的Spring MVC-拒绝从'http://localhost:8081/xyz/static/nestern/nestern/js/jquery-1.10.2.2.min.js执行脚本,因为它MIME类型('text/html')不可执行,并且启用了严格的MIME类型检查。

有了弹簧安全性,一切正常

这些是mvcconfig的配置。 

 @Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**").addResourceLocations("/", "/resources/");
    registry.addResourceHandler("/static/**").addResourceLocations("/", "/WEB-INF/pages/static/");
}
@Bean
public ViewResolver viewResolver() {
    final InternalResourceViewResolver bean = new InternalResourceViewResolver();
    bean.setViewClass(JstlView.class);
    bean.setPrefix("/WEB-INF/pages/");
    bean.setSuffix(".jsp");
    return bean;
}

,这些都处于安全配置。

 @Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/WEB-INF/pages/static/**");
    web.ignoring().antMatchers("/resources/**");
}

和web.xml是

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
    <servlet-name>mvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>localizationFilter</filter-name>
    <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>localizationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

非常困惑 - 当我忽略时-web.ignoring().antMatchers("/WEB-INF/pages/static/**");为什么它无法加载我的静态内容。请帮助我。

您应该意识到,将蚂蚁匹配器与请求路径进行比较,而不是与资源的文件系统路径进行比较。因此,正确的配置将是:

web.ignoring().antMatchers("/static/**");

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium