spring-security 使用Spring安全性在Spring MVC中运行jQuery和引导

vwhgwdsa  于 2022-11-11  发布在  Spring
关注(0)|答案(1)|浏览(167)

我是Sping Boot MVC应用程序开发的新手。我有一个新的应用程序,我通过Maven设置的,我试图在其中导入jquery和bootstrap。我通过Maven导入了这两个Jar文件。它们位于Java资源-〉库-〉Maven依赖项中。
我使用的是Spring框架5.3.22和Spring安全性5.7.3
当我运行我的站点时,我可以看到jquery和引导文件被添加到Network选项卡中,但我得到了以下错误:
“拒绝执行来自[网站URL]的脚本,因为其MIME类型('text/html')不可执行,并且启用了严格的MIME类型检查。”
还有
拒绝应用来自[网站URL]得样式,因为其MIME类型('text/html')不是受支持得样式表MIME类型,并且启用了严格得MIME检查.
在我的JSP页面上,我包括了如下文件:

<link href="webjars/bootstrap/5.2.0/css/bootstrap.min.css" rel="stylesheet" >
<script src="webjars/jquery/3.6.1/jquery.min.js" type="text/javascript"></script>
<script src="webjars/bootstrap/5.2.0/js/bootstrap.min.js" type="text/javascript"></script>

我的Servlet配置如下所示:

public class MySpringMvcDispatcherServeletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        // TODO Auto-generated method stub
        return null;
    }
    @Override
    protected Class<?>[] getServletConfigClasses() {
        //return DemoAppConfig.java class
        return new Class[] {DemoAppConfig.class};
    }
    @Override
    protected String[] getServletMappings() {       
        return new String[] {"/"};
    }    
}

@Configuration
@EnableWebSecurity
public class DemoSecurityConfig  {    
@Bean
public InMemoryUserDetailsManager userDetailsManager() {
    System.out.println("======>> Add Details manager");
    //add in memory users/roles
}

@Bean
public CorsConfigurationSource corsConfigurationSource(){
    System.out.println("======>> Add CORS");
    CorsConfiguration corsConfiguration = new CorsConfiguration();
    // Below config will allow only following origines from web browser
    corsConfiguration.setAllowedOrigins(Arrays.asList("http://localhost:8080/"));
    // Whether user credentials are supported. By default, do not support
    // If you want to allow credentials then set it true
    corsConfiguration.setAllowCredentials(false);

    // below will not allow DELETE methods, if you want then add DELETE also
    corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "OPTION"));

    // Below will set allowed headers list, Other headers will not be supported
    corsConfiguration.setAllowedHeaders(Arrays.asList("accept", "authorization", "apikey", "tenantId"));

    UrlBasedCorsConfigurationSource  corsConfigurationSource = new UrlBasedCorsConfigurationSource();

    // This will register above configurations on all resources from the root
    // If you want different rules for different resources then create separate configuration
    // and register on separate resource path uri
    corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
    return corsConfigurationSource;
}

@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
    // Ignore resources for any check
    System.out.println("======>> Add  web Customizer");
    return (web) -> web.ignoring().antMatchers("/webjars/**","/resources/**", "/static/**", "/css/**", "/js/**", "/img/**", "/icon/**");
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    System.out.println("======>> Add Security Chain");
    return http     
    .authorizeRequests(configurer ->
        configurer
            .antMatchers("/webjars/**","/resources/**", "/static/**", "/css/**", "/js/**", "/img/**", "/icon/**").permitAll()
            .anyRequest().authenticated())

    .formLogin(configurer ->
        configurer
            .loginPage("/showMyLoginPage")
            .loginProcessingUrl("/authenticateTheUser")
            .permitAll())

    .build();  
}

}

myss37ts

myss37ts1#

我可以通过重写addResrouceHandlers来实现这一点。在我的DemoAppConfig文件中,它实现了WebMvcConfigurer,我添加了以下代码:

@Configuration
@EnableWebMvc
@ComponentScan(basePackages="com.jason.springsecurity.demo")
public class DemoAppConfig implements WebMvcConfigurer{
    //define bean for ViewResolver
    @Bean
    public ViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setPrefix("/WEB-INF/view/");
        viewResolver.setSuffix(".jsp");

        return viewResolver;    
    }   

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        System.out.println("================>Calling addResourceHandlers");

        //my libraries
        registry.addResourceHandler("/resources/**")
            .addResourceLocations("/resources/");

        //webjars
        if (!registry.hasMappingForPattern("/webjars/**")) {
            registry.addResourceHandler("/webjars/**").addResourceLocations(
                    "classpath:/META-INF/resources/webjars/");
        }
    }   
}

然后,我可以将这些文件添加到我的视图中,如下所示:

<link href="webjars/bootstrap/5.2.0/css/bootstrap.min.css" rel="stylesheet" > 
<script src="webjars/jquery/3.6.1/jquery.min.js"></script>
<script src="webjars/bootstrap/5.2.0/js/bootstrap.min.js"></script>

相关问题