Java 使用Spring Security时引导程序不工作
我目前正在研究SpringBoot,并在做一个小样本项目。但是,由于在Spring Boot安全包中使用Bootstrap,我面临着一个非常令人困惑的问题。当我使用下面的代码时,页面不会显示引导Java 使用Spring Security时引导程序不工作,java,spring-boot,spring-mvc,spring-security,twitter-bootstrap-3,Java,Spring Boot,Spring Mvc,Spring Security,Twitter Bootstrap 3,我目前正在研究SpringBoot,并在做一个小样本项目。但是,由于在Spring Boot安全包中使用Bootstrap,我面临着一个非常令人困惑的问题。当我使用下面的代码时,页面不会显示引导 @Configuration public class SecurityConfiguration extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity httpSec
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests().antMatchers("/","/products","/product/show/*","/console/**").permitAll();
httpSecurity.csrf().disable();
httpSecurity.headers().frameOptions().disable();
}
}
我的SecurityConfiguration.java如下所示
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests().antMatchers("/","/products","/product/show/*","/console/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.logout().permitAll();
httpSecurity.csrf().disable();
httpSecurity.headers().frameOptions().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("{noop}admin").roles("ADMIN")
.and().withUser("user").password("{noop}user").roles("USER");
}
}
我觉得有点困惑的是,我得到了一个301/未修改的,但当我尝试这样做以防止缓存问题时,我完全重新打开了浏览器并使用了一个私有窗口
当我禁用几乎所有的安全功能时,我的页面将使用引导正确呈现
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests().antMatchers("/","/products","/product/show/*","/console/**").permitAll();
httpSecurity.csrf().disable();
httpSecurity.headers().frameOptions().disable();
}
}
我使用Webjars
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
<version>3.3.4</version>
</dependency>
上面的include位于名为headerinc.html
的文件中,该文件包含在acutal页面中,如下所示:
<!DOCTYPE html>
<html>
<head lang="en">
<title>Spring Framework Guru</title>
<!--/*/ <th:block th:include="fragments/headerinc :: head"></th:block> /*/-->
</head>
<body>
<div class="container">
<!--/*/ <th:block th:include="fragments/header :: header"></th:block> /*/-->
</div>
</body>
</html>
Spring框架大师
不可能是什么问题:例如,不使用mvn clean/mvn install。是我干的
有人能给我指一下正确的方向吗?提前感谢。使用此选项授权src/main/resources/static文件夹中可用的所有资源文件,您可以相应地添加文件夹
//this method allows static resources to be neglected by spring security
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**","/webjars/**");
}
对于我来说,解决方案如下:
@覆盖
受保护的无效配置(HttpSecurity http)引发异常{
http.authorizeRequests()
.anyRequest().authenticated()。。。;
}
请尝试将此方法添加到SecurityConfiguration文件中,可能会有所帮助。@Override public void configure(WebSecurity web)引发异常{web.ignering().antMatchers(“/webjars/**”);}