Spring Boot服务静态内容被安全性阻止 [英] Spring Boot serving static content blocked by security
问题描述
我启动了Spring Boot + Angular应用程序,现在我想将整个东西部署为jar.因此,我创建了Maven配置,在其中构建了角度应用程序,然后将其复制到/target/classes/resources
I started Spring Boot + Angular application and for now I want to deploy whole thing as a jar. So I created maven config, where angular app gets built and then is copied to /target/classes/resources
但是,对root的每个请求(localhost:8080)都被安全性阻止.当我禁用它时,我可以看到该页面,这意味着整个东西都已正确部署,但是以某种方式spring不允许我看到它.这是我简单的安全配置,我希望静态资源不受保护,而其他任何请求都需要身份验证:
But every request to root (localhost:8080) gets blocked by security. When I disable it i can see the page, which means the whole thing is deployed correctly, but somehow spring does not allow me to see it. Here is my simple security config, I want static resources to be unprotected, while any other request requires authentication:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.anyRequest().authenticated()
.and().httpBasic();
}
}
我的问题的一个最小示例在这里: https://gitlab.com/jnowacki/security-issue-demo
A minimal example of my problem is here: https://gitlab.com/jnowacki/security-issue-demo
我尝试了这篇文章中的所有内容: 在Spring Boot& Spring Security应用程序 我在概念上做错了吗?与Spring Boot应用程序一起提供静态内容是错误的吗?
EDIT 2: I tries all the things from this post: Serving static web resources in Spring Boot & Spring Security application Do I do something wrong on a conceptual level? Is it wrong to serve static content along with Spring Boot app?
推荐答案
添加此其他替代项:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(AUTH_WHITELIST);
}
其中AUTH_WHITELIST
将包含要忽略的路径.例如:
where AUTH_WHITELIST
will contain the paths to be ignored. For instance:
private static final String[] SWAGGER_AUTH_WHITELIST = {
// -- swagger ui
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/swagger-ui.html",
"/resources/**"
};
这篇关于Spring Boot服务静态内容被安全性阻止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!