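Question: I cannot access static resources such as images, js or css files located under the default resources folder of my Spring Boot project. I am using Spring Boot version (2.4.9). Now, after a lot of research, I came up with a solution that I found on the Spring docs website, which is to use the following code:
    .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
Now the interesting thing is that, after using this code, I still cannot access any file or folder under the resources folder, but I can access the folder named images under the resources folder (which I created). Any solution or useful hint?
Directory structure of my project:
(Screenshot of the project directory)
Security configuration file: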
    package com.pisoft.informatics.security;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;

        //bcrypt bean definition
        /*
        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
        */

        @Autowired
        private MeriCustomAuthenticationProvider authProvider;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            //auth.authenticationProvider(authenticationProvider());
            auth.authenticationProvider(authProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                //.antMatchers("/resources/**").permitAll()
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/")
                .loginProcessingUrl("/authenticateTheUser")
                .successHandler(customAuthenticationSuccessHandler)
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .and()
                .csrf().disable();
        }
    }
Custom authentication provider file:
    package com.pisoft.informatics.security;

    import java.util.ArrayList;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.stereotype.Component;
    import com.pisoft.informatics.entity.user.CrmUser;
    import com.pisoft.informatics.misc.EncryptionUtil1;
    import com.pisoft.informatics.service.user.CrmUserService;

    @Component
    public class MeriCustomAuthenticationProvider implements AuthenticationProvider {

        @Autowired
        private CrmUserService userService;

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String name = authentication.getName();
            String password = authentication.getCredentials().toString();
            //System.out.println("name :" + name + " password :" + password);
            // use the credentials
            CrmUser user = userService.findByUserName(name);
            if (user != null) {
                // Decodes the stored password and compares it case-insensitively with the submitted one
                if (password.equalsIgnoreCase(EncryptionUtil1.decode(user.getPassword()))) {
                    if (user.getStatus().equalsIgnoreCase("Active")) {
                        return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());
                    }
                    else {
                        return null;
                    }
                }
                else {
                    return null;
                }
            }
            else {
                return null;
            }
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return authentication.equals(UsernamePasswordAuthenticationToken.class);
        }
    }
SecurityWebApplicationInitializer file:
    package com.pisoft.informatics.security;

    import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

    public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    }
CustomAuthenticationSuccessHandler file:
    package com.pisoft.informatics.security;

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.stereotype.Component;
    import com.pisoft.informatics.misc.*;
    import com.pisoft.informatics.entity.user.CrmUser;
    import com.pisoft.informatics.service.sidebar.ServiceHeader;
    import com.pisoft.informatics.service.user.CrmUserService;

    @Component
    public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

        @Autowired
        private CrmUserService crmUserService;

        @Autowired
        private ServiceHeader headerService;

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            String userName = authentication.getName();
            CrmUser theUser = crmUserService.findByUserName(userName);
            // now place in the session
            HttpSession session = request.getSession();
            session.setAttribute("CRMUserDetails", theUser);
            session.setAttribute("allMenus", headerService.getMeAllMainMenus());
            session.setAttribute("greetings", WishUtill.Wish());
            // forward to home page
            response.sendRedirect(request.getContextPath() + "/dashboard");
        }
    }
Reply from a uj5u.com user:
There are many directories under /static. PathRequest.toStaticResources().atCommonLocations() matches the following locations: /static/css/**, /static/js/**, /static/images/**, /static/webjars/**, /static/favicon.* and /static/*/icon-*. That is why your images are accessible. You need to add antMatchers with permitAll() for your custom locations (e.g. antMatchers("/build/**", "/delete-popup/**", ...).permitAll()).
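The answer's suggestion written out as a complete configuration, added here as an example and not part of the original question or answer: it keeps `atCommonLocations()` and permits the extra asset folders by request path, read-only, while everything else stays authenticated. The package and class name are hypothetical, the two folder names are the ones the answer mentions, and the asker's custom authentication provider and success handler are left out.

```java
package com.example.security; // hypothetical package

import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class StaticResourceSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name

    // Asset folders that atCommonLocations() does not cover (names taken from the answer).
    // Patterns are request paths: assuming Spring Boot's default static-resource mapping,
    // src/main/resources/static/build/app.js is requested as /build/app.js,
    // so the pattern is "/build/**" and not "/static/build/**".
    private static final String[] CUSTOM_STATIC_PATHS = {
        "/build/**",
        "/delete-popup/**"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Covers /css/**, /js/**, /images/**, /webjars/**, /favicon.* and /*/icon-*
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                // Anonymous access is limited to GET on the listed asset folders;
                // a catch-all such as "/**" here would expose every endpoint.
                .antMatchers(HttpMethod.GET, CUSTOM_STATIC_PATHS).permitAll()
                // Everything else, including any new controller, requires a login.
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/")
                .loginProcessingUrl("/authenticateTheUser")
                .permitAll()
            .and()
            .logout()
                .permitAll();
        // CSRF protection is left at its default (enabled) in this example.
    }
}
```

Matcher order matters: the `permitAll()` rules must come before `anyRequest().authenticated()`, because the first matching rule wins.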
