Spring mvc backkground图像仅在Spring Server中执行loggin后显示
我正在开发一个Spring服务器,它允许使用登录页面进行访问 此登录页面的背景图像不是第一次显示的。如果我输入一个有效的用户和密码,然后返回登录页面,现在会显示背景图像 所以,我认为这可能是一些安全问题 这是登录页面代码:Spring mvc backkground图像仅在Spring Server中执行loggin后显示,spring-mvc,login,spring-security,background-image,Spring Mvc,Login,Spring Security,Background Image,我正在开发一个Spring服务器,它允许使用登录页面进行访问 此登录页面的背景图像不是第一次显示的。如果我输入一个有效的用户和密码,然后返回登录页面,现在会显示背景图像 所以,我认为这可能是一些安全问题 这是登录页面代码: <!DOCTYPE html> <html> <head> <title>Login PalmasLab</title> <link rel="stylesheet" h
<!DOCTYPE html>
<html>
<head>
<title>Login PalmasLab</title>
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css">
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap-theme.min.css">
<style>
body
{
background: url('/img/login_background3.png');
background-size: 100%;
background-repeat: no-repeat;
}
</style>
</head>
<body onload='document.f.username.focus();'>
<div class="container theme-showcase" role="main">
<div class="jumbotron" id="title_jumbotron">
<form name='f' action='/' method='POST'>
<table>
<tr><td> <h4 >PalmasLab <small >Login</small></h4></td></tr>
<tr><td> <input class="form-control" type='text'placeholder="Nome de Usuario" name='username' value='' ></td></tr>
<tr><td><input class="form-control" type='password' placeholder="Senha" name='password' style="margin-top:2px;" /></td></tr>
<tr><td><input class="btn btn-success btn-sm" name="submit" type="submit" value="Entra" style="width:100%; margin-top:5px;"/></td></tr>
</table>
</form>
</div>
</div>
</body></html>
登录PalmasLab
身体
{
背景:url('/img/login_background3.png');
背景大小:100%;
背景重复:无重复;
}
PalmasLab登录
@EntityScan(basePackages= "palmaslab.mapas.repository")
@EnableJpaRepositories(basePackages= "palmaslab.mapas.repository"/*.PostoSaudeRepository.class*/)
@Configuration
@EnableAutoConfiguration
@ComponentScan(basePackages="palmaslab.mapas.controller")
@Import({palmaslab.mapas.security.SecurityConfiguration.class})
//@Import({palmaslab.mapas.security.OAuth2SecurityConfiguration.class})
@EnableWebMvc
@PropertySource("application.properties")
public class Application extends /*WebMvcConfigurerAdapter*/ RepositoryRestMvcConfiguration{
private static final String[] CLASSPATH_RESOURCE_LOCATIONS = {
"classpath:/META-INF/resources/", "classpath:/resources/",
"classpath:/static/", "classpath:/public/" };
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Bean
public LocalContainerEntityManagerFactoryBean entityManagerFactory(
DataSource dataSource, JpaVendorAdapter jpaVendorAdapter) {
LocalContainerEntityManagerFactoryBean lef = new LocalContainerEntityManagerFactoryBean();
lef.setDataSource(dataSource);
lef.setJpaVendorAdapter(jpaVendorAdapter);
lef.setPackagesToScan("palmaslab.mapas.controller");
return lef;
}
@Bean
public JpaVendorAdapter jpaVendorAdapter() {
HibernateJpaVendorAdapter hibernateJpaVendorAdapter = new HibernateJpaVendorAdapter();
hibernateJpaVendorAdapter.setShowSql(false);
hibernateJpaVendorAdapter.setGenerateDdl(true); //Auto creating scheme when true
hibernateJpaVendorAdapter.setDatabase(Database.H2);//Database type
return hibernateJpaVendorAdapter;
}
@Bean
public SpringTemplateEngine templateEngine() {
SpringTemplateEngine engine = new SpringTemplateEngine();
Set<IDialect> dialects = new HashSet<IDialect>();
dialects.add(new SpringSecurityDialect());
dialects.add(new LayoutDialect());
engine.setAdditionalDialects(dialects);
LinkedHashSet<ITemplateResolver> templateResolvers = new LinkedHashSet<ITemplateResolver>(2);
templateResolvers.add(templateResolverServlet());
templateResolvers.add(layoutTemplateResolverServlet());
engine.setTemplateResolvers(templateResolvers);
return engine;
}
@Bean
public ServletContextTemplateResolver layoutTemplateResolverServlet() {
ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver();
templateResolver.setPrefix("/WEB-INF/layout/");
templateResolver.setSuffix("");
templateResolver.setTemplateMode("LEGACYHTML5");
templateResolver.setOrder(1);
templateResolver.setCacheable(false);
return templateResolver;
}
@Bean
public ServletContextTemplateResolver templateResolverServlet() {
ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver();
templateResolver.setPrefix("/WEB-INF/view/");
// System.out.println("templateResolver.getName()"+templateResolver.getName());
templateResolver.setSuffix(".html");
templateResolver.setTemplateMode("LEGACYHTML5");
// templateResolver.setTemplateMode("HTML5");
templateResolver.setOrder(2);
templateResolver.setCacheable(false);
return templateResolver;
}
@Bean
public ViewResolver MobileResolver() {
ThymeleafViewResolver resolver = new ThymeleafViewResolver();
resolver.setTemplateEngine(templateEngine());
resolver.setOrder(0);
String [] exclusions = new String [1];
exclusions[0] = "mobile*";
resolver.setViewNames(exclusions);
// resolver.setCharacterEncoding("ISO-8859-1");
resolver.setCharacterEncoding("UTF-8");
resolver.setContentType("application/json");
resolver.setCache(false);
return resolver;
}
@Bean
public ViewResolver thymeleafViewResolver() {
ThymeleafViewResolver resolver = new ThymeleafViewResolver();
resolver.setTemplateEngine(templateEngine());
resolver.setOrder(1);
// resolver.setCharacterEncoding("ISO-8859-1");
resolver.setCharacterEncoding("UTF-8");
resolver.setCache(false);
return resolver;
}
/*@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/view/");
resolver.setSuffix(".jsp");
System.out.println("!!!!!!!!! internal resourceView");
return resolver;
}*/
//-------------------------------------__>>>>>>>>>>>>>>>>DESCOMENTAR !!!!!!!!!!!!!!!!!!!!!!!!!----------
@Bean
public ServletRegistrationBean dispatcherRegistration() {
ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet());
registration.addUrlMappings("/");
registration.setLoadOnStartup(1);
System.out.println("~~~~~~~ Servlet regristated " + registration.getServletName());
return registration;
}
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
@Bean
public DispatcherServlet dispatcherServlet() {
return new DispatcherServlet();
}
@Bean
public MultipartConfigElement multipartConfigElement() {
MultipartConfigFactory factory = new MultipartConfigFactory();
factory.setMaxFileSize("9999999KB");
factory.setMaxRequestSize("9999999KB");
return factory.createMultipartConfig();
}
@Bean
public MultipartResolver multipartResolver() {
CommonsMultipartResolver resolver = new CommonsMultipartResolver();
resolver.setMaxUploadSize(999999999);
return resolver;
}
@Bean
public CommonsMultipartResolver filterMultipartResolver() {
CommonsMultipartResolver resolver=new CommonsMultipartResolver();
// resolver.setDefaultEncoding("ISO-8859-1");
resolver.setDefaultEncoding("UTF-8");
resolver.setMaxUploadSize(999999999);
resolver.setMaxInMemorySize(999999999);
return resolver;
}
/*
@Bean
public MultipartResolver multipartResolver() {
return new StandardServletMultipartResolver();
}*/
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
factory.setPort(8080);
factory.setSessionTimeout(5, TimeUnit.MINUTES);
//factory.addErrorPages(new ErrorPage(HttpStatus.404, "/notfound.html"));
return factory;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
if (!registry.hasMappingForPattern("/webjars/**")) {
registry.addResourceHandler("/webjars/**").addResourceLocations(
"classpath:/META-INF/resources/webjars/");
}
if (!registry.hasMappingForPattern("/locals/**")) {
registry.addResourceHandler("/locals/**").addResourceLocations(
"classpath:/locals");
}
if (!registry.hasMappingForPattern("/**")) {
registry.addResourceHandler("/**").addResourceLocations(
CLASSPATH_RESOURCE_LOCATIONS);
}
}
}
@EntityScan(basePackages=“palmaslab.mapas.repository”)
@EnableJpaRepositories(basePackages=“palmaslab.mapas.repository”/*.PostoSaudeRepository.class*/)
@配置
@启用自动配置
@ComponentScan(basePackages=“palmaslab.mapas.controller”)
@导入({palmaslab.mapas.security.SecurityConfiguration.class})
//@导入({palmaslab.mapas.security.OAuth2SecurityConfiguration.class})
@EnableWebMvc
@PropertySource(“application.properties”)
公共类应用程序扩展/*WebMVCConfigureAdapter*/RepositoryRestMvcConfiguration{
私有静态最终字符串[]类路径\资源\位置={
“类路径:/META-INF/resources/”,“类路径:/resources/”,
“类路径:/static/”,“类路径:/public/”};
公共静态void main(字符串[]args){
SpringApplication.run(Application.class,args);
}
@豆子
公共LocalContainerEntityManagerFactoryBean entityManagerFactory(
数据源数据源,JpaVendorAdapter(JpaVendorAdapter){
LocalContainerEntityManagerFactoryBean lef=新的LocalContainerEntityManagerFactoryBean();
lef.setDataSource(数据源);
lef.setJpaVendorAdapter(jpaVendorAdapter);
lef.setPackagesToScan(“palmaslab.mapas.controller”);
返回lef;
}
@豆子
公共JpaVendorAdapter JpaVendorAdapter(){
hibernatejbavendorapter hibernatejbavendorapter=新的hibernatejbavendorapter();
hibernatejbavendorapter.setShowSql(false);
HibernateJavaEndorapter.setGenerateDdl(true);//为true时自动创建方案
HibernateJavaEndorapter.setDatabase(Database.H2);//数据库类型
返回HibernateJavaEndorapter;
}
@豆子
公共SpringTemplateEngine templateEngine(){
SpringTemplateEngine=新的SpringTemplateEngine();
Set方言=新HashSet();
add(新的SpringSecurityDialogue());
添加(新布局方言());
引擎设置附加方言(方言);
LinkedHashSet templateResolvers=新LinkedHashSet(2);
add(templateResolverServlet());
add(layoutTemplateResolverlet());
引擎设置模板解算器(模板解算器);
返回引擎;
}
@豆子
public ServletContextTemplateResolver layoutTemplateResolverServlet(){
ServletContextTemplateResolver templateResolver=新的ServletContextTemplateResolver();
templateResolver.setPrefix(“/WEB-INF/layout/”);
templateResolver.setSuffix(“”);
setTemplateMode(“LEGACYHTML5”);
templateResolver.setOrder(1);
templateResolver.setCacheable(false);
返回templateResolver;
}
@豆子
public ServletContextTemplateResolver templateResolverServlet(){
ServletContextTemplateResolver templateResolver=新的ServletContextTemplateResolver();
templateResolver.setPrefix(“/WEB-INF/view/”);
//System.out.println(“templateResolver.getName()”+templateResolver.getName());
templateResolver.setSuffix(“.html”);
setTemplateMode(“LEGACYHTML5”);
//setTemplateMode(“HTML5”);
templateResolver.setOrder(2);
templateResolver.setCacheable(false);
返回templateResolver;
}
@豆子
公共视图解析程序MobileResolver(){
ThymileAfViewResolver解析器=新的ThymileAfViewResolver();
resolver.setTemplateEngine(templateEngine());
解析程序。设置顺序(0);
字符串[]排除项=新字符串[1];
除外条款[0]=“移动*”;
解析程序。setViewNames(除外);
//分解器。setCharacterEncoding(“ISO-8859-1”);
解析器.setCharacterEncoding(“UTF-8”);
setContentType(“应用程序/json”);
resolver.setCache(false);
返回解析器;
}
@豆子
公共ViewResolver(){
ThymileAfViewResolver解析器=新的ThymileAfViewResolver();
resolver.setTemplateEngine(templateEngine());
解析程序设置顺序(1);
//分解器。setCharacterEncoding(“ISO-8859-1”);
解析器.setCharacterEncoding(“UTF-8”);
resolver.setCache(false);
返回解析器;
}
/*@豆子
公共内部资源viewResolver viewResolver(){
InternalResourceViewResolver解析器=新的InternalResourceViewResolver();
resolver.setPrefix(“/WEB-INF/view/”);
resolver.setSuffix(“.jsp”);
System.out.println(“!!!!!!!!!!!内部资源视图”);
返回解析器;
}*/
//-------------------------------------__>>>>>>>>>>>>>>>>Descometar!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!------------
@豆子
public ServletRegistrationBean dispatcherRegistration(){
ServletRegistrationBean注册=新的ServletRegistrationBean(dispatc
@Configuration
//Setup Spring Security to intercept incoming requests to the Controllers
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final AuthenticationSuccessHandler NO_REDIRECT_SUCCESS_HANDLER = new AuthenticationSuccessHandler() {
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
response.setStatus(HttpStatus.SC_OK);
}
};
private static final AuthenticationSuccessHandler CUSTOMIZED_REDIRECT_SUCCESS_HANDLER = new AuthenticationSuccessHandler() {
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
if (grantedAuthority.getAuthority().equals("mobile")) {
response.setStatus(HttpStatus.SC_OK);
}
}
}
};
private static final LogoutSuccessHandler JSON_LOGOUT_SUCCESS_HANDLER = new LogoutSuccessHandler() {
public void onLogoutSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
response.setStatus(HttpStatus.SC_OK);
response.setContentType("application/json");
response.getWriter().write("{}");
}
};
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.requestCache().requestCache(new NullRequestCache());
http.formLogin()
.loginPage("/login")
.loginProcessingUrl("/")
.successHandler(new MySimpleUrlAuthenticationSuccessHandler())
// Allow everyone to access the login URL
.permitAll();
http.logout()
.logoutUrl("/home")
.logoutSuccessHandler(JSON_LOGOUT_SUCCESS_HANDLER)
.permitAll();
http.authorizeRequests().anyRequest().authenticated();
http.csrf().disable();
}
@Autowired
protected void registerAuthentication(
final AuthenticationManagerBuilder auth) throws Exception {
// This example creates a simple in-memory UserDetailService that
// is provided by Spring
auth.inMemoryAuthentication()
.withUser("xxx")
.password("xxx")
.authorities("admin","user")
;
}
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.requestCache().requestCache(new NullRequestCache());
http.formLogin()
.loginPage("/login")
.loginProcessingUrl("/")
.successHandler(new MySimpleUrlAuthenticationSuccessHandler())
.permitAll();
http.authorizeRequests().antMatchers("/img/**").permitAll();// ALLOW GET RESOURCES FROM THIS FOLDER WITHOUT LOGGIN !!!
}