Spring Security Static resource access

In the Spring Security encountered a small pit, is static resource loading problem.

When we inherit the Websecurityconfigureradapter , we will rewrite a few methods. To set the path that we want to filter or some rules for permissions.

@Configuration @enablewebsecuritypublic class Websecurityconfig extends Websecurityconfigureradapter {@Autowired Cus        Tomuserservice Customuserservice; @Override protected void Configure (Authenticationmanagerbuilder auth) throws Exception {Auth.userdetailsservice (    Customuserservice). Passwordencoder (New Bcryptpasswordencoder ()); } @Override public void Configure (Websecurity Web) throws Exception {web.ignoring (). Antmatchers ("/global/    **");        } @Override protected void Configure (Httpsecurity http) throws Exception {http//Start request permission Configuration        . Authorizerequests ()///We specify a mode in which any user can access multiple URLs. Any user can access URLs that begin with "/resources/", "/signup", or "/about". . Antmatchers ("/global/**", "/static/**"). Permitall ()//request matching/admin/** only users with role_admin roles can access it. ANTM Atchers ("/admin/**"). Hasrole ("admin")//Request matching/user/** have role_admin and role_user roles that users can access. Antmatchers ("/u   ser/** "). Hasanyrole (" ADMIN "," USER ")     Any URL that begins with "/db/" requires a user with both "role_admin" and "ROLE_DBA" permission to access it.        Same as above, our Hasrole method also does not use the "Role_" prefix. . Antmatchers ("/db/**"). Access ("Hasrole (' ADMIN ') and Hasrole (' DBA ')")//All other requests require authentication before they can be accessed. Anyrequest (). Authenticated (). and (). Formlogin ()//login interface, default login interface (does not work), default login failed interface, form submission address. LoginPage ("/login"). DEFAULTSUCC Essurl ("/index.html"). Failureurl ("/login?error=true")//Default user name key value, default password key value. Usernameparameter ("username"). PASSW        Ordparameter ("password"). Permitall (). and (). RememberMe (). Tokenvalidityseconds (1209600). Key ("RememberMe");//    . and ()/. Logout (). Logouturl (""). Logoutsuccessurl ("/index.html"). Permitall (); }    }

In general, I set the

// 任何用户都可以访问以"/resources/","/signup", 或者 "/about"开头的URL。.antMatchers("/global/**","/static/**").permitAll()

or a

    @Override    public void configure(WebSecurity web) throws Exception {           web.ignoring().antMatchers("/global/**");    }    

After that there should be no problem, we should be able to access our resources. But when you run the demo, you'll find that the world is not what you think it is. You are too young.

The static resources you want are still not loaded. Later found, we also need to configure the method in Springmvc addResourceHandlers .

@Configurationpublic class WebMvcConfig extends WebMvcConfigurationSupport {                @Override        protected void addViewControllers(ViewControllerRegistry registry) {            // TODO Auto-generated method stub            // 注册访问 /login 转向 page-login.html 页面            registry.addViewController("/login").setViewName("page-login.html");            super.addViewControllers(registry);        }                @Override        protected void addResourceHandlers(ResourceHandlerRegistry registry) {            // TODO Auto-generated method stub            registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");            super.addResourceHandlers(registry);        }}

It seems that this time should be OK. Run ...

But it's still too young. is still not loaded into the resource.

This, this is a little messy ....

After a long long time, slept a sleep up.

It turns out the HTML is out of the question. Yes, there is something wrong with the HTML.

In the loading of CSS or JS resources, we have to write more standard.

<link href="/global/css/style.css" rel="stylesheet" type="text/css" /><script src="/global/js/custom.min.js" type="text/javascript"></script>

Instead of

<link href="/global/css/style.css"/><script src="/global/js/custom.min.js"></script>

Spring Security Static resource access