Spring Security Static resource access

Source: Internet
Author: User
Tags stub

In the Spring Security encountered a small pit, is static resource loading problem.

When we inherit the Websecurityconfigureradapter , we will rewrite a few methods. To set the path that we want to filter or some rules for permissions.

@Configuration @enablewebsecuritypublic class Websecurityconfig extends Websecurityconfigureradapter {@Autowired Cus        Tomuserservice Customuserservice; @Override protected void Configure (Authenticationmanagerbuilder auth) throws Exception {Auth.userdetailsservice (    Customuserservice). Passwordencoder (New Bcryptpasswordencoder ()); } @Override public void Configure (Websecurity Web) throws Exception {web.ignoring (). Antmatchers ("/global/    **");        } @Override protected void Configure (Httpsecurity http) throws Exception {http//Start request permission Configuration        . Authorizerequests ()///We specify a mode in which any user can access multiple URLs. Any user can access URLs that begin with "/resources/", "/signup", or "/about". . Antmatchers ("/global/**", "/static/**"). Permitall ()//request matching/admin/** only users with role_admin roles can access it. ANTM Atchers ("/admin/**"). Hasrole ("admin")//Request matching/user/** have role_admin and role_user roles that users can access. Antmatchers ("/u   ser/** "). Hasanyrole (" ADMIN "," USER ")     Any URL that begins with "/db/" requires a user with both "role_admin" and "ROLE_DBA" permission to access it.        Same as above, our Hasrole method also does not use the "Role_" prefix. . Antmatchers ("/db/**"). Access ("Hasrole (' ADMIN ') and Hasrole (' DBA ')")//All other requests require authentication before they can be accessed. Anyrequest (). Authenticated (). and (). Formlogin ()//login interface, default login interface (does not work), default login failed interface, form submission address. LoginPage ("/login"). DEFAULTSUCC Essurl ("/index.html"). Failureurl ("/login?error=true")//Default user name key value, default password key value. Usernameparameter ("username"). PASSW        Ordparameter ("password"). Permitall (). and (). RememberMe (). Tokenvalidityseconds (1209600). Key ("RememberMe");//    . and ()/. Logout (). Logouturl (""). Logoutsuccessurl ("/index.html"). Permitall (); }    }

In general, I set the

// 任何用户都可以访问以"/resources/","/signup", 或者 "/about"开头的URL。.antMatchers("/global/**","/static/**").permitAll()

or a

    @Override    public void configure(WebSecurity web) throws Exception {           web.ignoring().antMatchers("/global/**");    }    

After that there should be no problem, we should be able to access our resources. But when you run the demo, you'll find that the world is not what you think it is. You are too young.

The static resources you want are still not loaded. Later found, we also need to configure the method in Springmvc addResourceHandlers .

@Configurationpublic class WebMvcConfig extends WebMvcConfigurationSupport {                @Override        protected void addViewControllers(ViewControllerRegistry registry) {            // TODO Auto-generated method stub            // 注册访问 /login 转向 page-login.html 页面            registry.addViewController("/login").setViewName("page-login.html");            super.addViewControllers(registry);        }                @Override        protected void addResourceHandlers(ResourceHandlerRegistry registry) {            // TODO Auto-generated method stub            registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");            super.addResourceHandlers(registry);        }}

It seems that this time should be OK. Run ...

But it's still too young. is still not loaded into the resource.

This, this is a little messy ....

After a long long time, slept a sleep up.

It turns out the HTML is out of the question. Yes, there is something wrong with the HTML.

In the loading of CSS or JS resources, we have to write more standard.

<link href="/global/css/style.css" rel="stylesheet" type="text/css" /><script src="/global/js/custom.min.js" type="text/javascript"></script>

Instead of

<link href="/global/css/style.css"/><script src="/global/js/custom.min.js"></script>

Spring Security Static resource access

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.