PicketLink保护阻止加载JSF 2.2资源协定 [英] PicketLink protection stops JSF 2.2 resource contract from being loaded

问题描述

我有一个带有合同和几个页面的JSF 2.2 Web应用程序，直接位于WebContent文件夹中.合同由图像，模板文件 template.xhtml 和CSS文件 global.css 组成.到目前为止，一切都按预期进行.

I have a JSF 2.2 webapp with a contract and several pages, located directly in the WebContent folder. The contract consists of an image, a template file template.xhtml and a css file global.css. So far everything is working as expected.

现在，我想使用PicketLink进行用户身份验证和授权，并遵循了教程( http://localhost:8080/MyTestProject/login.xhtml MIME类型是"text/html"而不是"text/css"".

Now I want to use PicketLink for user authentication and authorization and have followed a tutorial (http://www.ocpsoft.org/security/simple-java-ee-jsf-login-page-with-jboss-picketlink-security/), but when accessing my pages the image and css files are unable to be loaded, only the template applies, so my page has no CSS styles applied at all and in the Firefox Inspector there is a line that reads (translated from German): "Stylesheet http://localhost:8080/MyTestProject/login.xhtml wasn't loaded because its MIME type is "text/html" and not "text/css"".

更换后

builder.http().allPaths().authenticateWith().form()... and so on

在 HttpSecurityConfiguration 类中使用

in the HttpSecurityConfiguration class with

builder.http().allPaths().unprotected()

可以再次加载图像和CSS.

the image and css can be loaded again.

我已经尝试了以下方法(以及其他一些方法)，但是并没有解决问题:

I have tried the following (and some other paths) but it did not solve the problem:

.forPath("/contracts/*").unprotected();

如何从PicketLink保护中排除合同文件夹?

这是我完整的HttpSecurityConfiguration类:

Here is my complete HttpSecurityConfiguration class:

@ApplicationScoped
public class HttpSecurityConfiguration {

    public void onInit(@Observes SecurityConfigurationEvent event) {

    SecurityConfigurationBuilder builder = event.getBuilder();

    builder
    .http()
    .allPaths()
    .authenticateWith()
    .form()
    .loginPage("/login.xhtml")
    .errorPage("/loginError.xhtml")
    .restoreOriginalRequest()
    .forPath("/logout")
    .logout()
    .redirectTo("/index.xhtml")
    .forPath("/index.xhtml")
    .unprotected()
    //      .forPath("/contracts/*")
    //      .unprotected()
    ;
  }
}

编辑 为了回应Kukeltje的评论，我将CSS包含在模板中，

EDIT In reply to the comment from Kukeltje, I include the CSS in the template with

<h:head>
   <title><ui:insert name="title">MyTestProject</ui:insert></title>
   <h:outputStylesheet name="global.css" />
</h:head>

和带有图片的

<h:graphicImage class="feature" name="logo-main.png" width="900" height="270" />

我还尝试将 javax.faces.resource 包含为不受保护的内容，但仍然无法正常工作.

I also tried to include javax.faces.resource as unprotected, still not working though.

编辑#2 以下内容也不起作用，我从文档中得到了这个主意(

EDIT #2 The following is also not working, I got the idea from the documentation (PicketLink Reference Chapter 12.2):

.forPath("/*.png").unprotected()
.forPath("/*.css").unprotected()

推荐答案

我能够通过以下安全配置解决我的问题:

I was able to solve my problem with the following security configuration:

.forPath("/javax.faces.resource/*.png.xhtml").unprotected()

我在Firefox Inspector中看到浏览器尝试从/MyTestProject/javax.faces.resource/logo-main.png.xhtml?con=TemplateBlue加载图像，因此尝试上述操作似乎是合乎逻辑的，并且可行！

I've seen in my Firefox Inspector that the browser tried to load the image from /MyTestProject/javax.faces.resource/logo-main.png.xhtml?con=TemplateBlue, so trying the above seemed logical and it works!

这篇关于PicketLink保护阻止加载JSF 2.2资源协定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！