CSS在春季安全 [英] CSS in spring security
问题描述
我应该将CSS添加到登录后访问它的两个页面,其中使用spring security检查数据
I should add CSS to two pages to which it is accessed after a login for which data are checked with spring security
如何将CSS添加到这两个页面受春季保障保障?
How do I add CSS to these two pages protected with spring security?
task.jsp
<link rel="stylesheet" href="<c:url value=" resources/css/bootstrap.responsive.css" />" type="text/css">
<link rel="stylesheet" href="<c:url value=" resources/css/bootstrap.css" />" type="text/css">
<link rel="stylesheet" href="<c:url value=" resources/css/fontello-ie7.css" />" type="text/css">
<link rel="stylesheet" href="<c:url value=" resources/css/fontello.css" />" type="text/css">
<link rel="stylesheet" href="<c:url value=" resources/css/prettyPhoto.css" />" type="text/css">
<link rel="stylesheet" href="<c:url value=" resources/css/style.css" />" type="text/css">
DispatcherServlet.xml
<mvc:annotation-driven />
<mvc:resources mapping="/resources/**" location="/resources/" />
spring-security.xml
推荐答案
你没有提到你是否使用Spring Boot而且很可能你已经解决了这个问题 - 但我发布它希望它可以帮助其他人:
You did not mention whether you are using Spring Boot and most probably you already resolved this - but I am posting it hoping it could help someone else who:
-
使用Spring Boot;
uses Spring Boot;
将Spring Security添加为依赖项和
added Spring Security as a dependency, and
无法使用CSS(或使用其他静态资源)。
can not have CSS working (or using other static resource).
我有类似的问题,这就是我发现的:
I had similar problem and here is what I found:
如您所知,Spring Security会阻止资源,但应该授予的资源除外访问(如配置类或xml中所述)。据我所知,它在配置文件中大致如下所示:
As you know, Spring Security blocks resources except those which should be granted access (as stated in config classes or xml). As I know it was done approximately as follows in config files:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/css/**","/fonts/**","/libs/**");
}
但是,在上面添加之前请另外考虑一下:
However, before adding above please also consider this:
如果你按照教程实现Spring Security
If you implement Spring Security as per tutorial in
https://spring.io/guides/gs/securing-web/
你被告知将以下注释添加到配置类:
you are told to add following annotations to the config class:
@Configuration
@Configuration
@EnableWebSecurity
@EnableWebSecurity
但是根据这个来源(也是Spring自己的网站):
But according to this source (also Spring's own site) :
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security .html
上面的第二个注释...将关闭Spring Boot中的默认webapp安全设置...。
second annotation above "... will switch off the default webapp security settings in Spring Boot ...".
根据此源(下面提供的链接),Spring Boot项目的webapp安全设置b默认包含与上面提供的代码类似的代码(允许使用css或类似资源的代码)。
According to this source (link provided below) webapp security settings of Spring Boot projects by default contain code similar to one provided above (code which lets css or similar resources in) .
http://www.mkyong.com/spring-boot/spring-boot-spring-security-thymeleaf-example/
(请参阅源代码中的SpringSecurityConfig.java中的注释。
(see comments in SpringSecurityConfig.java in source code).
所以我注释掉了@EnableWebSecurity,所有其他Spring Security功能都按预期工作,同时css被授予访问权限。
So I commented out @EnableWebSecurity and all other Spring Security features work as expected while css is granted access.
希望有所帮助。
这篇关于CSS在春季安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
