Spring 安全无法访问 /resources 下的文件
Spring security can't access files under /resources
您好,我正在尝试在我的应用程序的 /resources 文件夹中包含一个前端。
我的目录结构如下:
src
main
java // backend located here
webapp
resource //my html/css/js
我正在使用 oauth 来保证后端的安全:
MethodSecurityConfig.java
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new OAuth2MethodSecurityExpressionHandler();
}
}
ResourceServerConfigurerAdapter.java
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and().authorizeRequests().anyRequest().authenticated();
}
}
ResourceWebConfig.java
@Configuration
@EnableWebMvc
@ComponentScan({"eu.emif.resource.web"})
public class ResourceWebConfig extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry
.addResourceHandler("/resources/**")
.addResourceLocations("(/resources/");
}
}
每当我想去 http://localhost:8082/style.css
或者 http://localhost:8082/resources/style.css
我得到
<oauth>
<error_description>
Full authentication is required to access this resource
</error_description>
<error>unauthorized</error>
</oauth>
将不胜感激。
将您的目录结构更改为如下:
src
main
java // backend located here
resources(By default these files are not added in deployment assembly and mostly used for loading java resources like xml file,properies file etc.)
webapp
resource(create new folder here and put your frontend(html/js/css) files here)
您好,我正在尝试在我的应用程序的 /resources 文件夹中包含一个前端。 我的目录结构如下:
src
main
java // backend located here
webapp
resource //my html/css/js
我正在使用 oauth 来保证后端的安全:
MethodSecurityConfig.java
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new OAuth2MethodSecurityExpressionHandler();
}
}
ResourceServerConfigurerAdapter.java
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll().and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and().authorizeRequests().anyRequest().authenticated();
}
}
ResourceWebConfig.java
@Configuration
@EnableWebMvc
@ComponentScan({"eu.emif.resource.web"})
public class ResourceWebConfig extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry
.addResourceHandler("/resources/**")
.addResourceLocations("(/resources/");
}
}
每当我想去 http://localhost:8082/style.css 或者 http://localhost:8082/resources/style.css 我得到
<oauth>
<error_description>
Full authentication is required to access this resource
</error_description>
<error>unauthorized</error>
</oauth>
将不胜感激。
将您的目录结构更改为如下:
src
main
java // backend located here
resources(By default these files are not added in deployment assembly and mostly used for loading java resources like xml file,properies file etc.)
webapp
resource(create new folder here and put your frontend(html/js/css) files here)