Spring Security Thymleaf 静态资源不加载 [英] Spring Security Thymleaf static resources don't load
问题描述
我正在使用带有 Thymleaf 和 Spring-Security 的 SpringMVC.我想使用 Thymleaf 模板加载一个页面,我可以加载我的静态资源.
我想加载例如位于:static/img/theme/logo.png from template.html 中的图片
这是我所拥有的:结果
<小时>模板.html:
<前>身体>div 布局:fragment="content">a href="">img src="../static/img/theme/logo.png" alt="Logo">H1>你好/div>/身体><小时>
MvcConfig.java
<前>@配置公共类 MvcConfig 扩展了 WebMvcConfigurerAdapter {@覆盖public void addViewControllers(ViewControllerRegistry 注册表) {registry.addViewController("/home").setViewName("home");registry.addViewController("/index").setViewName("index");registry.addViewController("/template").setViewName("template");registry.addViewController("/layout").setViewName("layout");registry.addViewController("/login").setViewName("login");}@覆盖public void configureDefaultServletHandling(DefaultServletHandlerConfigurer 配置器) {配置器.启用();}}<小时>
网络安全配置:
<前>@配置@启用网络安全公共类 WebSecurityConfig 扩展了 WebSecurityConfigurerAdapter {//所有空闲页面列表私有静态最终字符串[] pagesFree = {/家",/模板",/布局",//百里香叶目录"/css/**","/js/**","/img/**","/fonts/**","/ico/**",/推特/**",/"};@覆盖protected void configure(HttpSecurity http) 抛出异常 {http.authorizeRequests().antMatchers(pagesFree).permitAll().anyRequest().authenticated().和().formLogin().loginPage("/登录").permitAll().和().登出().permitAll();}@自动连线public void configureGlobal(AuthenticationManagerBuilder auth) 抛出异常 {auth.inMemoryAuthentication().withUser("u").password("u").roles("USER");}}<小时>
在您的安全配置中,您将声明如下:
/** 公共 URL.*/私有静态最终字符串[] PUBLIC_MATCHERS = {"/webjars/**","/css/**","/js/**",/图片/**",/"};
然后是这样的:
@Overrideprotected void configure(HttpSecurity http) 抛出异常 {列表<字符串>activeProfiles = Arrays.asList(env.getActiveProfiles());如果(activeProfiles.contains(dev")){http.csrf().disable();http.headers().frameOptions().disable();}http.authorizeRequests().antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated().和().formLogin().loginPage("/login").defaultSuccessUrl("/payload").failureUrl("/login?error").permitAll().和().logout().permitAll();}
在您的 Thymeleaf 模板中,您可以声明如下内容:
<img class="featurette-image pull-left" th:src="@{/images/browser-icon-firefox.png}"/>
可以在此处找到您项目的工作副本.
I'm using SpringMVC with Thymleaf and Spring-Security. I want to load a page using Thymleaf template and I can load my static resources.
I want to load for example a picture located in : static/img/theme/logo.png from template.html
Here is what I have : result
template.html :
body> div layout:fragment="content"> a href="">img src="../static/img/theme/logo.png" alt="Logo"> h1>Hello /div> /body>
MvcConfig.java
@Configuration public class MvcConfig extends WebMvcConfigurerAdapter { @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/home").setViewName("home"); registry.addViewController("/index").setViewName("index"); registry.addViewController("/template").setViewName("template"); registry.addViewController("/layout").setViewName("layout"); registry.addViewController("/login").setViewName("login"); } @Override public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) { configurer.enable(); } }
WebSecurityConfig :
@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { //List of all free pages private static final String[] pagesFree = { "/home", "/template", "/layout", //Thymleaf directory "/css/**", "/js/**", "/img/**", "/fonts/**", "/ico/**", "/twitter/**", "/" }; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers(pagesFree).permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("u").password("u").roles("USER"); } }
In your security configuration you would declare something like this:
/** Public URLs. */
private static final String[] PUBLIC_MATCHERS = {
"/webjars/**",
"/css/**",
"/js/**",
"/images/**",
"/"
};
Then something like this:
@Override
protected void configure(HttpSecurity http) throws Exception {
List<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
if (activeProfiles.contains("dev")) {
http.csrf().disable();
http.headers().frameOptions().disable();
}
http
.authorizeRequests()
.antMatchers(PUBLIC_MATCHERS).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/payload")
.failureUrl("/login?error").permitAll()
.and()
.logout().permitAll();
}
And in your Thymeleaf template you'd declare something like this:
<img class="featurette-image pull-left" th:src="@{/images/browser-icon-firefox.png}" />
A working copy of your project can be found here.
这篇关于Spring Security Thymleaf 静态资源不加载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!