Spring Security Thymleaf 静态资源不加载 [英] Spring Security Thymleaf static resources don't load

查看:35
本文介绍了Spring Security Thymleaf 静态资源不加载的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用带有 Thymleaf 和 Spring-Security 的 SpringMVC.我想使用 Thymleaf 模板加载一个页面,我可以加载我的静态资源.

我想加载例如位于:static/img/theme/logo.png from template.html 中的图片

这是我所拥有的:结果

<小时>

模板.html:

<前>身体>div 布局:fragment="content">a href="">img src="../static/img/theme/logo.png" alt="Logo">H1>你好/div>/身体>

<小时>

MvcConfig.java

<前>@配置公共类 MvcConfig 扩展了 WebMvcConfigurerAdapter {@覆盖public void addViewControllers(ViewControllerRegistry 注册表) {registry.addViewController("/home").setViewName("home");registry.addViewController("/index").setViewName("index");registry.addViewController("/template").setViewName("template");registry.addViewController("/layout").setViewName("layout");registry.addViewController("/login").setViewName("login");}@覆盖public void configureDefaultServletHandling(DefaultServletHandlerConfigurer 配置器) {配置器.启用();}}

<小时>

网络安全配置:

<前>@配置@启用网络安全公共类 WebSecurityConfig 扩展了 WebSecurityConfigurerAdapter {//所有空闲页面列表私有静态最终字符串[] pagesFree = {/家",/模板",/布局",//百里香叶目录"/css/**","/js/**","/img/**","/fonts/**","/ico/**",/推特/**",/"};@覆盖protected void configure(HttpSecurity http) 抛出异常 {http.authorizeRequests().antMatchers(pagesFree).permitAll().anyRequest().authenticated().和().formLogin().loginPage("/登录").permitAll().和().登出().permitAll();}@自动连线public void configureGlobal(AuthenticationManagerBuilder auth) 抛出异常 {auth.inMemoryAuthentication().withUser("u").password("u").roles("USER");}}

<小时>

源代码树

解决方案

在您的安全配置中,您将声明如下:

/** 公共 URL.*/私有静态最终字符串[] PUBLIC_MATCHERS = {"/webjars/**","/css/**","/js/**",/图片/**",/"};

然后是这样的:

@Overrideprotected void configure(HttpSecurity http) 抛出异常 {列表<字符串>activeProfiles = Arrays.asList(env.getActiveProfiles());如果(activeProfiles.contains(dev")){http.csrf().disable();http.headers().frameOptions().disable();}http.authorizeRequests().antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated().和().formLogin().loginPage("/login").defaultSuccessUrl("/payload").failureUrl("/login?error").permitAll().和().logout().permitAll();}

在您的 Thymeleaf 模板中,您可以声明如下内容:

<img class="featurette-image pull-left" th:src="@{/images/browser-icon-firefox.png}"/>

可以在此处找到您项目的工作副本.

I'm using SpringMVC with Thymleaf and Spring-Security. I want to load a page using Thymleaf template and I can load my static resources.

I want to load for example a picture located in : static/img/theme/logo.png from template.html

Here is what I have : result

template.html :



       body>
            div layout:fragment="content">

                a href="">img src="../static/img/theme/logo.png" alt="Logo">

                h1>Hello

            /div>

        /body>

MvcConfig.java


 @Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/index").setViewName("index");
        registry.addViewController("/template").setViewName("template");
        registry.addViewController("/layout").setViewName("layout");
        registry.addViewController("/login").setViewName("login");

    }



    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }


}

WebSecurityConfig : 


    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


        //List of all free pages

        private static final String[] pagesFree = {
                "/home",
                "/template",
                "/layout",

                //Thymleaf directory
                "/css/**",
                "/js/**",
                "/img/**",
                "/fonts/**",
                "/ico/**",
                "/twitter/**",
                "/"
                };



        @Override
        protected void configure(HttpSecurity http) throws Exception {



            http
                .authorizeRequests()
                    .antMatchers(pagesFree).permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .and()
                .logout()
                    .permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                    .withUser("u").password("u").roles("USER");
        }


    }

Source Code tree

解决方案

In your security configuration you would declare something like this: 

/** Public URLs. */
private static final String[] PUBLIC_MATCHERS = {
        "/webjars/**",
        "/css/**",
        "/js/**",
        "/images/**",
        "/"
};

Then something like this: 

@Override
protected void configure(HttpSecurity http) throws Exception {

    List<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
    if (activeProfiles.contains("dev")) {
        http.csrf().disable();
        http.headers().frameOptions().disable();
    }

    http
            .authorizeRequests()
            .antMatchers(PUBLIC_MATCHERS).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").defaultSuccessUrl("/payload")
            .failureUrl("/login?error").permitAll()
            .and()
            .logout().permitAll();
}

And in your Thymeleaf template you'd declare something like this: 

<img class="featurette-image pull-left" th:src="@{/images/browser-icon-firefox.png}" />

A working copy of your project can be found here.

这篇关于Spring Security Thymleaf 静态资源不加载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆