This question already has answers here:
How to access static resources when mapping a global front controller servlet on /*
(18个回答)
2年前关闭。
我正在HTML文件(JSP)中使用Spring Security和Bootstrap构建Spring MVC应用程序。
我目前正在努力修复应用程序中的以下错误:
“拒绝从以下位置执行脚本
'http://localhost:8080/App/Template/js/modernizr.min.js',因为其MIME类型
('text / html')不可执行,并且严格的MIME类型检查是
已启用。”(应用程序的登录页面)
上面的错误消息来自chrome开发者控制台。
这里的基本配置
-APPConfigurationApplication.java:
-MvcConfig.java:
-以下是请求的响应标头:
但是仅当在浏览器中首次打开应用程序时,才会发生此错误。一旦我继续登录,然后再次返回登录页面,就不会发生该错误。
编辑1:
-Web.xml:
这是我在“静态”文件
here path files
如何配置Spring Security,以便可以从/ static资源目录中加载css / js文件?
(18个回答)
2年前关闭。
我正在HTML文件(JSP)中使用Spring Security和Bootstrap构建Spring MVC应用程序。
我目前正在努力修复应用程序中的以下错误:
“拒绝从以下位置执行脚本
'http://localhost:8080/App/Template/js/modernizr.min.js',因为其MIME类型
('text / html')不可执行,并且严格的MIME类型检查是
已启用。”(应用程序的登录页面)
上面的错误消息来自chrome开发者控制台。
这里的基本配置
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
protected void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
//auth.inMemoryAuthentication().withUser("user").password("123").roles("USER");
auth.jdbcAuthentication()
.dataSource(dataSource)
//.passwordEncoder(passwordEncoder()) décrupt paswd
.usersByUsernameQuery("select username as principal, password as credentials, etat as actived from utilisateurs where username=?")
.authoritiesByUsernameQuery("select u.username as principal, ur.nom_role as role from utilisateurs u inner join roles ur on(u.roles_id=ur.id_role) where u.username=?")
.rolePrefix("ROLE_");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().maximumSessions(100).maxSessionsPreventsLogin(false).expiredUrl("/Login");
http
.authorizeRequests()
.antMatchers("/images/**","/pdf/**","/Template/**","/Views/**","/MainApp.js","/css/**", "/js/**").permitAll()
.antMatchers("/Users/**").access("hasRole('ADMIN')")
.antMatchers("/Login").anonymous()
.anyRequest().authenticated()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.formLogin().loginPage("/Login").permitAll()
.defaultSuccessUrl("/")
.failureUrl("/Login?error=true")
.and()
.csrf()
.and()
.rememberMe().tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(360000);
}
@Autowired
DataSource dataSource;
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
db.setDataSource(dataSource);
return db;
}
}
-APPConfigurationApplication.java:
@SpringBootApplication
@ComponentScan
@ImportResource("SpringBeans.xml")
public class APPConfigurationApplication extends SpringBootServletInitializer {
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(APPConfigurationApplication.class);
}
public static void main(String[] args) {
SpringApplication.run(APPConfigurationApplication.class, args);
}
-MvcConfig.java:
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter{
@Override
public void configureDefaultServletHandling(
DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
-以下是请求的响应标头:
Request URL:http://localhost:8080/App/Login
Request Method:GET
Status Code:200
Remote Address:[::1]:8080
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:fr-FR
Content-Length:4289
Content-Type:text/html;charset=UTF-8
Date:Tue, 09 May 2017 09:18:15 GMT
Expires:0
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
Request Headers
view source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alx-4.0.1
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=6DDBA94C937FADFB889C8CFDDD9E47A3
Host:localhost:8080
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/57.0.2987.133 Safari/537.36
但是仅当在浏览器中首次打开应用程序时,才会发生此错误。一旦我继续登录,然后再次返回登录页面,就不会发生该错误。
编辑1:
-Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>Audit_Configuration</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>DefaultServlet</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
</servlet>
<!-- DEFAULT -->
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/Template/css/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>js</servlet-name>
<url-pattern>/Template/js/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/images/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DefaultServlet</servlet-name>
<url-pattern>/pdf/*</url-pattern>
</servlet-mapping>
</web-app>
这是我在“静态”文件
here path files
如何配置Spring Security,以便可以从/ static资源目录中加载css / js文件?
最佳答案
解决方案是将此代码添加到web.xml文件中:
<servlet>
<servlet-name>js</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>js</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>
关于javascript - 因为其MIME类型(“文本/纯文本”)不可执行,并且启用了严格的MIME类型检查,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/43865975/
10-11 02:32