Spring security prevents access to styles-Java-php.cn

Home

Java

Spring security prevents access to styles

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Feb 22, 2024 pm 01:19 PM

spring securityspring framework

php editor Banana brings you the latest Java Q&A content: How does security in the Spring framework prevent access to styles? This is an important issue when it comes to web application security. When developing web applications using the Spring framework, how to effectively protect style files from unauthorized access is an issue that needs attention. This article will answer this question in detail for you and help you better improve the security of web applications.

Question content

I ran into a problem where at some point some styles in my spring project stopped working. I used bootstrap styles and styles written by myself in css files. For some reason after launching the program, only part of it is displayed. When viewing "Network" in Google Developer Tools, I see that the style files are being redirected to http://localhost:8080/login for some reason, although I can access the style files. (https://i.stack.imgur.com/ggort.png)

@Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests((requests) -> requests
                        .requestMatchers("/", "/reg", "/registration/**", "/static/**", "/static/images/**", "/static/styles/**").permitAll()
                        .anyRequest().authenticated()
                )
                .formLogin((form) -> form
                        .loginPage("/login")
                        .failureUrl("/login_error")
                        .defaultSuccessUrl("/pc")
                        .permitAll()
                )
                .logout((logout) -> logout.permitAll().logoutSuccessUrl("/"));

        return http.build();
    }

After discovering this, I decided to comment out the spring security dependency in pom.xml and comment out all classes that use it. After that the styles started working and everything continued to work when spring security was not annotated. However, when I restarted my computer and started the project, I ran into the same problem again. What could this be related to and how to fix it? I really need your help!

Solution

You need to tell Spring Security to ignore resources under src/main/resources/static. You can do this by adding http.authorizeRequests((requests) -> requests..requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()) to the security configuration and removing all "/static/ to achieve this. .. A reference from an existing configuration.

The above is the detailed content of Spring security prevents access to styles. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:stackoverflow. If there is any infringement, please contact admin@php.cn delete

Spring Security 6：cors() 已弃用并标记为删除Feb 10, 2024 pm 11:45 PM

我有下面的代码：publicSecurityFilterChainsecurityFilterChain(HttpSecurityhttp)throwsException{returnhttp.httpBasic().disable().cors().and().csrf().disable().authorizeHttpRequests().requestMatchers("

如何使用Java开发一个基于Spring Security SAML的单点登录系统Sep 22, 2023 am 08:49 AM

如何使用Java开发一个基于SpringSecuritySAML的单点登录系统引言：随着互联网的快速发展，越来越多的应用程序被开发出来。在这些应用程序中，用户登录是最常见的功能之一。然而，对于企业级应用程序，用户需要在多个系统中进行登录，这将导致用户的登录体验非常糟糕。为了解决这个问题，单点登录系统（SingleSign-On，简称SSO）应运而生。简

GO 验证访问令牌（keycloak）Feb 09, 2024 am 09:30 AM

我正在尝试使用GO实现访问令牌验证。但我在网上看到的例子似乎只是用TOKEN_SECRET来验证它。但是我习惯了在Javaspring中编程，并且不需要使用TOKEN_SECRET。我只是提供jwk-set-uri，它会检查有效性（自动-安全过滤器等），我知道它与oauth服务器通信并进行此验证。Go中是否没有库可以通过向oauth服务器发出请求来检查令牌是否有效？我知道我知道我可以通过向oauth服务器的用户信息端点发出请求来手动进行此操作：http://localh

修改spring gateway中的RequestBodyFeb 09, 2024 pm 07:15 PM

我想在将requestbody路由到给定的uri之前修改它。基于我正在使用的文档org.springframework.cloud.gateway.filter.factory.rewrite.modifyrequestbodygatewayfilterfactory修改正文。启动我的服务器时，服务器无法启动并出现以下错误原因：元素[spring.cloud.gateway.routes[0].filters[0].modifyrequestbody.class]未绑定。\n\n操作：\

深入了解Spring框架的架构与工作原理Jan 24, 2024 am 09:41 AM

深入剖析Spring框架的架构与工作原理引言：Spring是Java生态系统中最受欢迎的开源框架之一，它不仅提供了一套强大的容器管理和依赖注入功能，还提供了许多其他功能，如事务管理、AOP、数据访问等。本文将深入剖析Spring框架的架构与工作原理，并通过具体的代码示例来解释相关概念。一、Spring框架的核心概念1.1IoC（控制反转）Spring的核心

Spring Security权限控制框架使用指南Feb 18, 2024 pm 05:00 PM

在后台管理系统中，通常需要访问权限控制，以限制不同用户对接口的访问能力。如果用户缺乏特定权限，则无法访问某些接口。本文将用waynboot-mall项目举例，给大家介绍常见后管系统如何引入权限控制框架SpringSecurity。大纲如下：waynboot-mall项目地址：https://github.com/wayn111/waynboot-mall一、什么是SpringSecuritySpringSecurity是一个基于Spring框架的开源项目，旨在为Java应用程序提供强大和灵活的安

如何使用Java开发一个基于Spring Security OAuth2的单点登录系统Sep 20, 2023 pm 01:06 PM

如何使用Java开发一个基于SpringSecurityOAuth2的单点登录系统引言：随着互联网的高速发展，越来越多的网站和应用程序需要用户进行登录，而用户却不希望为每个网站或应用程序都记住一个账号和密码。单点登录系统（SingleSign-On，简称SSO）能够解决这个问题，允许用户在一次登录后，无需重复认证就可以访问多个网站和应用程序。本文将介绍

成为一名出色的Java工程师，需要哪些认证证书？Feb 03, 2024 am 08:43 AM

成为一名优秀的Java工程师，需要具备哪些证书？随着信息技术的快速发展，Java作为一门重要的编程语言，逐渐成为企业招聘的热门技能之一。对于希望成为优秀的Java工程师的人来说，拥有相关的证书是提升自己竞争力的重要方式之一。那么，成为一名优秀的Java工程师，需要具备哪些证书呢？OracleCertifiedAssociate,JavaSEProg