在受保护的Spring Boot应用程序中访问静态内容 [英] access static content in secured Spring Boot application
问题描述
我有一个独立的Spring Boot应用程序,在/src/main/resources/templates中有模板,在/src/main/resources/static中有静态内容.我希望在身份验证之前可以访问静态内容,因此CSS也会在登录页面上加载.现在,仅在身份验证后加载.我的安全配置如下:
I have a standalone Spring Boot application with templates in /src/main/resources/templates and static content in /src/main/resources/static. I would like the static content to be accessible before authentication, so the CSS loads on the login page as well. Now it only loads after authentication. My security configuration looks like this:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger logger = Logger.getLogger(SecurityConfig.class);
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
try {
auth.inMemoryAuthentication()
...
} catch (Exception e) {
logger.error(e);
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.formLogin()
.defaultSuccessUrl("/projects", true)
.loginPage("/login")
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/static/**").permitAll()
.anyRequest().authenticated();
}
}
推荐答案
classpath:/static中的静态内容在应用程序的根目录(即/*)处提供,无论应用程序是否安全,因此您需要匹配根目录下的特定路径.默认情况下,Spring Boot允许所有对/js/**,/css/**,/images/**的访问(有关详细信息,请参见SpringBootWebSecurityConfiguration),但是您可能已将其关闭(看不到其余的代码).
The static content in classpath:/static is served at the root of the application (i.e. /*), whether or not the application is secure, so you need to match on specific paths underneath the root. Spring Boot permits all access by default to /js/**, /css/**, /images/** (see SpringBootWebSecurityConfiguration for details), but you may have switched that off (can't see the rest of your code).
这篇关于在受保护的Spring Boot应用程序中访问静态内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
