首页 文章

Spring mvc安全和WEB-INF js,图像访问 - 拒绝从'http://localhost:8081/xyz/static/internal/js/jquery-1.10.2.min.js'执行脚本

提问于
浏览
4

需要以下帮助 .

我使用spring 4.1 with spring security 3.2.7和注释 .

我的js,css,图片没有加载..我收到此错误 .

具有安全性和WEB-INF js和图像访问权限的Spring mvc - 拒绝执行来自'http://localhost:8081/xyz/static/internal/js/jquery-1.10.2.min.js ' because its MIME type (' text / html'的脚本)不可执行,并且启用了严格的MIME类型检查 .

With out spring security everything is working fine

These are the configurations at mvcconfig.

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**").addResourceLocations("/", "/resources/");
    registry.addResourceHandler("/static/**").addResourceLocations("/", "/WEB-INF/pages/static/");
}

@Bean
public ViewResolver viewResolver() {
    final InternalResourceViewResolver bean = new InternalResourceViewResolver();
    bean.setViewClass(JstlView.class);
    bean.setPrefix("/WEB-INF/pages/");
    bean.setSuffix(".jsp");
    return bean;
}

and these are at Security configuration.

@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/WEB-INF/pages/static/**");
    web.ignoring().antMatchers("/resources/**");
}

和web.xml是

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<servlet>
    <servlet-name>mvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>localizationFilter</filter-name>
    <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>localizationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

非常困惑 - 当我忽略时 - web.ignoring().antMatchers("/WEB-INF/pages/static/**"); 为什么它无法加载我的静态内容 . 请帮帮我 .

javascript spring spring-mvc static-content

1 回答

  • 1

    您应该知道Ant匹配器与请求路径进行比较,而不是与资源的文件系统路径进行比较 . 在这方面,适当的配置将是:

    web.ignoring().antMatchers("/static/**");
    回复于

相关问题