Spring Boot服务静态内容被安全性阻止 [英] Spring Boot serving static content blocked by security

问题描述

我启动了Spring Boot + Angular应用程序，现在我想将整个东西部署为jar.因此，我创建了Maven配置，在其中构建了角度应用程序，然后将其复制到/target/classes/resources

I started Spring Boot + Angular application and for now I want to deploy whole thing as a jar. So I created maven config, where angular app gets built and then is copied to /target/classes/resources

但是，对root的每个请求(localhost:8080)都被安全性阻止.当我禁用它时，我可以看到该页面，这意味着整个东西都已正确部署，但是以某种方式spring不允许我看到它.这是我简单的安全配置，我希望静态资源不受保护，而其他任何请求都需要身份验证:

But every request to root (localhost:8080) gets blocked by security. When I disable it i can see the page, which means the whole thing is deployed correctly, but somehow spring does not allow me to see it. Here is my simple security config, I want static resources to be unprotected, while any other request requires authentication:

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                .anyRequest().authenticated()
                .and().httpBasic();
    }
}

我的问题的一个最小示例在这里: https://gitlab.com/jnowacki/security-issue-demo

A minimal example of my problem is here: https://gitlab.com/jnowacki/security-issue-demo

我尝试了这篇文章中的所有内容: 在Spring Boot& Spring Security应用程序 我在概念上做错了吗?与Spring Boot应用程序一起提供静态内容是错误的吗?

EDIT 2: I tries all the things from this post: Serving static web resources in Spring Boot & Spring Security application Do I do something wrong on a conceptual level? Is it wrong to serve static content along with Spring Boot app?

推荐答案

添加此其他替代项:

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
            .antMatchers(AUTH_WHITELIST);
}

其中AUTH_WHITELIST将包含要忽略的路径.例如:

where AUTH_WHITELIST will contain the paths to be ignored. For instance:

private static final String[] SWAGGER_AUTH_WHITELIST = {
        // -- swagger ui
        "/v2/api-docs",
        "/swagger-resources",
        "/swagger-resources/**",
        "/swagger-ui.html",
        "/resources/**"
};

这篇关于Spring Boot服务静态内容被安全性阻止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！