将 CSS 文件添加到 Spring Boot + Spring Security Thymeleaf 文件中 [英] Add CSS file to Spring Boot + Spring Security Thymeleaf file

问题描述

我想将 CSS 文件添加到我的 HTML 文件中.当我尝试将 CSS 添加到 Spring Security 应用程序时出现了问题(我从事基本的 Spring 入门内容).我责怪 Spring Security，因为没有它，CSS 文件会正确加载.

I wanted to add CSS file to my HTML file. The problem appeared when I tried to add CSS to Spring Security application (I work on basic Spring Getting Started Content). I blame Spring Security because without it the CSS file loads properly.

Application.java 文件:

package mainpack;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) throws Throwable {
        SpringApplication.run(Application.class, args);
    }
}

MvcConfig.java 文件:

package mainpack;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/hello").setViewName("hello");
        registry.addViewController("/login").setViewName("login");
        registry.addViewController("/index").setViewName("index");
        registry.addViewController("/register").setViewName("register");
        registry.addViewController("/whatever").setViewName("whatever");
    }
}

WebSecurityConfig.java 文件:

package mainpack;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home", "/index", "/register", "../static/css", "../static/images").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

我用 line 加载 CSS:

I load CSS with line:

<link href="../static/css/index.css" th:href="@{/css/index.css}" rel="stylesheet" />

在 index.html 文件中.

推荐答案

您的模式 ../static/css 与您的相对 URL ../static/css/index.css，见AntPathMatcher:

Your pattern ../static/css is not matching your relative URL ../static/css/index.css, see AntPathMatcher:

PathMatcher 实现 Ant 风格的路径模式.

PathMatcher implementation for Ant-style path patterns.

此映射代码的一部分是从 Apache Ant 善意借用的.

Part of this mapping code has been kindly borrowed from Apache Ant.

映射使用以下规则匹配 URL:

The mapping matches URLs using the following rules:

• ? 匹配一个字符
• * 匹配零个或多个字符
• ** 匹配路径中的零个或多个目录
• {spring:[a-z]+} 匹配正则表达式 [a-z]+ 作为名为spring"的路径变量

• ? matches one character
• * matches zero or more characters
• ** matches zero or more directories in a path
• {spring:[a-z]+} matches the regexp [a-z]+ as a path variable named "spring"

和 Spring Boot 参考:

默认情况下，资源映射在 /** 上，但您可以通过 spring.mvc.static-path-pattern 进行调整.

By default, resources are mapped on /** but you can tune that via spring.mvc.static-path-pattern.

您的请求将被重定向到登录表单，因为您尚未登录并且所有其他请求都需要身份验证.

Your request will be redirected to login form, because your are not logged in and all other requests need authentication.

要修复它，请将您的模式更改为 /css/** 和 /images/**.

To fix it, change your pattern to /css/** and /images/**.

静态资源更好的解决方案是WebSecurity#ignoring:

A better solution for static resources is WebSecurity#ignoring:

允许添加 Spring Security 应该忽略的 RequestMatcher 实例.Spring Security 提供的 Web Security(包括 SecurityContext)在匹配的 HttpServletRequest 上将不可用.通常，注册的请求应该只是静态资源的请求.对于动态请求，请考虑将请求映射为允许所有用户.

Allows adding RequestMatcher instances that Spring Security should ignore. Web Security provided by Spring Security (including the SecurityContext) will not be available on HttpServletRequest that match. Typically the requests that are registered should be that of only static resources. For requests that are dynamic, consider mapping the request to allow all users instead.

示例用法:

 webSecurityBuilder.ignoring()
 // ignore all URLs that start with /resources/ or /static/
                .antMatchers("/resources/**", "/static/**");

这篇关于将 CSS 文件添加到 Spring Boot + Spring Security Thymeleaf 文件中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！