这个问题在这里已有答案:
我正在我的HTML文件(JSP)中使用Spring Security和Bootstrap构建Spring MVC应用程序 .
我目前正在努力修复我的应用程序中的以下错误:
“拒绝从'http:// localhost:8080 / App / Template / js / modernizr.min.js'执行脚本,因为它的MIME类型('text / html')不可执行,并且启用了严格的MIME类型检查“ . (应用程序的登录页面)
上面的错误消息来自chrome开发人员控制台 .
Here the basic configuration
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
protected void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
//auth.inMemoryAuthentication().withUser("user").password("123").roles("USER");
auth.jdbcAuthentication()
.dataSource(dataSource)
//.passwordEncoder(passwordEncoder()) décrupt paswd
.usersByUsernameQuery("select username as principal, password as credentials, etat as actived from utilisateurs where username=?")
.authoritiesByUsernameQuery("select u.username as principal, ur.nom_role as role from utilisateurs u inner join roles ur on(u.roles_id=ur.id_role) where u.username=?")
.rolePrefix("ROLE_");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().maximumSessions(100).maxSessionsPreventsLogin(false).expiredUrl("/Login");
http
.authorizeRequests()
.antMatchers("/images/**","/pdf/**","/Template/**","/Views/**","/MainApp.js","/css/**", "/js/**").permitAll()
.antMatchers("/Users/**").access("hasRole('ADMIN')")
.antMatchers("/Login").anonymous()
.anyRequest().authenticated()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.formLogin().loginPage("/Login").permitAll()
.defaultSuccessUrl("/")
.failureUrl("/Login?error=true")
.and()
.csrf()
.and()
.rememberMe().tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(360000);
}
@Autowired
DataSource dataSource;
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
db.setDataSource(dataSource);
return db;
}
}
- APPConfigurationApplication.java :
@SpringBootApplication
@ComponentScan
@ImportResource("SpringBeans.xml")
public class APPConfigurationApplication extends SpringBootServletInitializer {
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(APPConfigurationApplication.class);
}
public static void main(String[] args) {
SpringApplication.run(APPConfigurationApplication.class, args);
}
- MvcConfig.java :
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter{
@Override
public void configureDefaultServletHandling(
DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
- Here are the response Headers of the request:
Request URL:http://localhost:8080/App/Login
Request Method:GET
Status Code:200
Remote Address:[::1]:8080
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:fr-FR
Content-Length:4289
Content-Type:text/html;charset=UTF-8
Date:Tue, 09 May 2017 09:18:15 GMT
Expires:0
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
Request Headers
view source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alx-4.0.1
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=6DDBA94C937FADFB889C8CFDDD9E47A3
Host:localhost:8080
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/57.0.2987.133 Safari/537.36
但是这个错误发生 only when the application is opened for the first time in the browser . 一旦我继续登录然后再次返回登录页面,则不会发生错误 .
Edit1:
-Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>Audit_Configuration</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>DefaultServlet</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
</servlet>
<!-- DEFAULT -->
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/Template/css/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>js</servlet-name>
<url-pattern>/Template/js/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/images/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/pdf/*</url-pattern>
</servlet-mapping>
</web-app>
Here are my files in the "static"
我如何配置Spring Security,我可以从我的/ static资源目录加载css / js文件?
1 回答
解决方案是在web.xml文件中添加此代码: