Spring Boot security 默認攔截靜態資源的解決方法
Spring Boot security 會默認登陸之前攔截全部css, js,img等動態資源,導致我們的公開主頁在登陸之前很醜陋
像這樣:
網上很多解決辦法都過時瞭比如還在使用WebSecurityConfigurerAdapte,antMatchers
public class SecurityConfigurer extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/resources/**"); } }
WebSecurityConfigurerAdapter和antMatchers已經被Spring Security 6.0棄用,現最新的是使用securityFilterChain class 如下圖:
public class WebSecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((requests) -> requests .requestMatchers("/", "/home").permitAll() .anyRequest().authenticated() ) .formLogin((form) -> form .loginPage("/login") .permitAll() ) .logout((logout) -> logout.permitAll()); return http.build(); } }
這裡隻需要添加.requestMatchers("/resources/**").permitAll()就可以允許訪問resources文件下資源
註意.antMatchers 已經棄用,用.requestMatchers代替
public class WebSecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((requests) -> requests .requestMatchers("/", "/home").permitAll() //放行靜態資源 .requestMatchers("/resources/**").permitAll() .anyRequest().authenticated() ) .formLogin((form) -> form .loginPage("/login") .permitAll() ) .logout((logout) -> logout.permitAll()); return http.build(); } }
但是我看網上沒有人解釋需要註意這裡“/resources/**"並不一定萬能,具體鏈接得根據你插入css/js的路徑來比如這裡使用assets/**
那麼你securityFilterChain class裡就得是.requestMatchers("/assets/**").permitAll()
之後再運行,成功!
到此這篇關於Spring Boot security 默認攔截靜態資源的文章就介紹到這瞭,更多相關Spring Boot security攔截靜態資源內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!
推薦閱讀:
- 解決使用security和靜態資源被攔截的問題
- Spring Security自定義登錄頁面認證過程常用配置
- Spring Boot Admin 快速入門詳解
- Spring Security系列教程之會話管理處理會話過期問題
- Java SpringBoot快速集成SpringBootAdmin管控臺監控服務詳解