不会为注销的用户加载Html图像-Spring/SpringSecurity
如标题中所述,当用户收到my spring webapp的欢迎页面时,嵌入的html图像不会加载,只显示损坏的图像图标。 当用户登录时,所有图像都可以查看 没有出现错误,我感觉这与Spring的安全特性有关,是否有解决方案/解决方法 我的HTML代码:不会为注销的用户加载Html图像-Spring/SpringSecurity,html,spring,image,spring-mvc,spring-security,Html,Spring,Image,Spring Mvc,Spring Security,如标题中所述,当用户收到my spring webapp的欢迎页面时,嵌入的html图像不会加载,只显示损坏的图像图标。 当用户登录时,所有图像都可以查看 没有出现错误,我感觉这与Spring的安全特性有关,是否有解决方案/解决方法 我的HTML代码: <a> <img src="src/main/resources/static/images/logo.jpg"> </img></a> <a> <img src="/image
<a> <img src="src/main/resources/static/images/logo.jpg"> </img></a>
<a> <img src="/images/logo.jpg"> </img></a>
我的网站安全:
package com.FYP.Club.Security;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import com.FYP.Club.repository.UserLoginRepository;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserLoginRepository userLoginRepository;
//http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")
@Autowired
DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")
.anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout()
.permitAll();
http.exceptionHandling().accessDeniedPage("/403");
http.csrf().disable();
//disable csrf to allow communication (we also dont need for this fyp as its not live)
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select user_name,password,user_status from user_login where user_name=?")
.authoritiesByUsernameQuery("select user_name, password from user_login where user_name=?");
}
}
如果您需要更多代码,请告诉我 您应该将它们配置为被Spring Security忽略。 例如,将此方法添加到您的WebSecurity配置中:
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/fonts/**", "/images/**", "/css/**");
}
如果您使用此链接请求图像:
<a> <img src="/images/logo.jpg"> </img></a>