Home > Others

Secure access to SPRINGMVC permissions and resources (i)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

A, static resources access, CSS, JS, static page

We know that SPRINGMVC's core configuration is Dispatcherservlet, and all our requests go through the servlet

<servlet>

<servlet-name>springMVC</servlet-name>

<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

<init-param>

<param-name>contextConfigLocation</param-name>

<param-value>classpath*:/spring-mvc.xml</param-value>

</init-param>

</servlet>


<servlet-mapping>

<servlet-name>springMVC</servlet-name>

<url-patten> / </url-patten>// This is/, spring will intercept all requests, and if it is. Do,.action you don't have to look at the static resources below .

</servlet-mapping>


Because I am configured here/, will intercept all, so will block CSS, JS, static page of course you can also configure. Action or. Do but do not match/*

1, activate the container such as Tomcat, Jetty Defaultservlet to deal with static pages, where the <servlet-mapping> to the SPRINGMVC servlet above

<servlet-mapping>

<servlet-name>default</servlet-name>

<url-patten>*.css</url-patten>

</servlet-mapping>

<servlet-mapping>

<servlet-name>default</servlet-name>

<url-patten>*.js</url-patten>
</servlet-mapping>

<servlet-mapping>

<servlet-name>default</servlet-name>

<url-patten>*.png</url-patten>
</servlet-mapping>

If the picture has another format, add the change configuration


the easy way to configure is

<servlet-mapping>

<servlet-name>default</servlet-name>

<url-patten>*.css</url-patten>

<url-patten>*.js</url-patten>

<url-patten>*.png</url-patten>

<url-patten>images/*</url-patten>

<url-patten>static/*</url-patten>

</servlet-mapping>


The servlet-name of different service containers are not the same

Tomcat, Jetty, JBoss, GlassFish defaults servlet name: Default

Google App Engine default servlet name: _ah_default

Resin default servlet name: Resin-file

WebLogic default name: Fileservlet

WebSphere default servlet name: Simplefileservlet


2, spring3.0.4 after the use of <mvc:resources mapping= "" location= ""/>

Increase in Spring-mvc.xml configuration

<mvc:resources mapping= "/images/**" location= "/images/"/>

<mvc:resources mapping= "/js/**" location= "/js/"/>

Location indicates the path where the resource file is located, by default under WebApp, or location= "/web-inf/images/" If you want to put it under Web-inf

3, <mvc:default-servlet-handler/>
This way access performance is poor, this is equivalent to "/**" registered to simpleurlhandlermapping UrlMap, Transfer access to static resources from handlermapping to Org.springframework.servlet.resource.DefaultServletHttpRequestHandlet processing and return
Defaultservlethttprequesthandler is the default servlet

multiple handlermapping execution order for each servlet container itself:

Defaultannotationhandlermapping Order Property Value: 0

The order attribute value of the simpleurlhandlermapping <mvc:resources/> Autoenrollment is: 2147483646

<mvc:default-servlet-handler/ > Automatic registration of the Simpleurlhandlermapping order attribute value is: 2147483647 the


next article mainly said that SPRINGMVC interceptor to the authorization, After that, through the Apache Shrio authorization framework, the next certification and licensing






This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
page includes resources not secure s i to go set and service resources robocopy command to copy all files and folders and permissions file access permissions how to access secure ftp site from browser sql server script to list all logins and permissions

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More