javascript – Spring mvc安全和WEB-INF js,图像访问 – 拒绝从’http：// localhost：8081 / xyz / static / internal / js / jquery-1.10.2.min.js’执行脚本

需要以下帮助.

我使用spring 4.1 with spring security 3.2.7和注释.

我的js,css,图片没有加载..我收到此错误.

具有安全性和WEB-INF js和图像访问权限的Spring mvc – 拒绝执行来自’http://localhost:8081/xyz/static/internal/js/jquery-1.10.2.min.js‘的脚本,因为它的MIME类型(‘text / html’)不可执行,并且启用了严格的MIME类型检查.

随着弹簧安全,一切都很好

这些是mvcconfig的配置.

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**").addResourceLocations("/","/resources/");
    registry.addResourceHandler("/static/**").addResourceLocations("/","/WEB-INF/pages/static/");
}

@Bean
public ViewResolver viewResolver() {
    final InternalResourceViewResolver bean = new InternalResourceViewResolver();
    bean.setViewClass(JstlView.class);
    bean.setPrefix("/WEB-INF/pages/");
    bean.setSuffix(".jsp");
    return bean;
}

这些都是安全配置.

@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/WEB-INF/pages/static/**");
    web.ignoring().antMatchers("/resources/**");
}

和web.xml是

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

<servlet>
    <servlet-name>mvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.dispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>mvc</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>localizationFilter</filter-name>
    <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>localizationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

非常困惑 – 当我忽略时 – web.ignoring().antMatchers(“/ WEB-INF / pages / static / **”);
为什么它无法加载我的静态内容.
请帮帮我.

解决方法

您应该知道Ant匹配器与请求路径进行比较,而不是与资源的文件系统路径进行比较.在这方面,适当的配置将是：

web.ignoring().antMatchers("/static/**");

javascript – Spring mvc安全和WEB-INF js,图像访问 – 拒绝从’http：// localhost：8081 / xyz / static / internal / js / jquery-1.10.2.min.js’执行脚本

解决方法

相关推荐