Spring Boot 2.0.0 &同一应用程序具有不同域的静态资源 [英] Spring Boot 2.0.0 & static resources with different domains for the same app

问题描述

我已将一个 Web 应用程序从 Spring Boot 1.5.10 迁移到 2.0.0，该应用程序通过不同的域提供内容，并与 Heroku 一起部署.主域工作正常，但对于其他域，Javascript、CSS、图像和图标等静态元素不起作用，浏览器出现此错误:

I have migrated a web app from Spring Boot 1.5.10 to 2.0.0, which serves content trough different domains and it is deployed with Heroku. The main domain works fine, but with the other ones the static elements like Javascript, CSS, images and icons don't work and the browser arises this error:

拒绝执行来自 '' 的脚本，因为其 MIME 类型('text/html')不可执行，并且启用了严格的 MIME 类型检查

静态资源位于:

/resources/static/css

/resources/static/js

/resources/static/images

所有域都使用 Heroku 提供的 Let's Encrypt SSL 证书进行保护.域都被重定向，包括主域，使用 CNAME 重定向到 Heroku 提供的地址.

All domains are secured with a Let's Encrypt SSL certificate, provided by Heroku. The domains are all redirected, including the main one, with a CNAME to the address provided by Heroku.

主域可以访问所有内容，次域只能访问目录中的内容.例如:

The main domain has access to all the content, and the secondary ones just can access to the content inside a directory. For example:

maindomain.com/1/ 工作正常，但 secondarydomain.com/1/ 不起作用.

maindomain.com/1/ works fine but secondarydomain.com/1/ doesn't work.

辅助域与主域的不同之处在于，通过 HandlerInterceptor 的实现，我们可以控制它们只能访问其目录中的内容.这是来自 preHandle 实现的代码:

What makes a secondary domain different from the main one, is that with an implementation of HandlerInterceptor we control that they just can access to the content from its directory. This is the code from the preHandle implementation:

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

    serverName = request.getServerName();

    if("POST".equals(request.getMethod())){
        return true;
    }

    //We check if the request comes from one of the main domains
    if(!checkRentalWebsURL(RwConstants.SERVER_NAMES, serverName)){

        if(idweb == null){
            Web web = webRepository.getWebByDomain(serverName);  
            if(web != null){
                idweb = web.getIdweb();
            } else {
                response.sendRedirect(RwConstants.RW_URL);
            }
        }

        String URI = request.getRequestURI();
        String rootURI = "/" + idweb + "/";

        if(URI.equals("/") || !URI.startsWith(rootURI)){ 
            URI = rootURI;

            RequestDispatcher requestDispatcher = request.getRequestDispatcher(request.getContextPath() + URI);
            requestDispatcher.forward(request, response);

        }
    } 

    return true;
}

我试图通过在 WebSecurityConfigurerAdapter 的扩展中设置此代码来解决它:

I've tried to solve it setting this code at an extension of WebSecurityConfigurerAdapter:

http
 .authorizeRequests()
    .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()

推荐答案

解决方案是在拦截器注册中，在WebMvcConfigurer的实现中，排除不同静态资源的路径.这是代码的摘录:

The solution was to exclude the paths of the different static resources, in the interceptor registration, at the implementation of WebMvcConfigurer. This is an extract of the code:

public void addInterceptors(InterceptorRegistry registry) {
    ...        
    registry.addInterceptor(rootDomainInterceptor())
            .excludePathPatterns("/js/**", "/css/**", "/images/**", "/webjars/**");

}

rootDomainInterceptor() 是 HandleInterceptor 的一个实现，我用它来处理访问应用程序的不同域.

rootDomainInterceptor() is an implementation of HandleInterceptor, which I use to deal with the different domains accessing the app.

这篇关于Spring Boot 2.0.0 &同一应用程序具有不同域的静态资源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！