Spring安全性无法访问外部JavaScript
我正在使用Security,当我试图使用外部javascript甚至webjars时,安全模块就会阻止访问。
我尝试在我的网页中添加一些javascript,比如: header.html
<script src="https://cdnjs.cloudflare.com/ajax/libs/sockjs-client/1.4.0/sockjs.min.js"></script>
<script src="/webjars/stomp-websocket/stomp.min.js"></script>我的Security看起来如下(注意"/webjars/“、"/*.js”、“/.js”).permitAll():
AppConfig.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AppConfig extends WebSecurityConfigurerAdapter {
@Bean
public LogoutSuccessHandler logoutSuccessHandler() {
return new LogoutController();
}
@Bean
public AuthenticationController authenticationController() throws UnsupportedEncodingException {
JwkProvider jwkProvider = new JwkProviderBuilder(domain).build();
return AuthenticationController.newBuilder(domain, clientId, clientSecret)
.withJwkProvider(jwkProvider)
.build();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/callback", "/login", "/", "/*.png", "/css/**", "/js/**", "/bibliographies", "/bibliographies/*", "/api/**", "/webjars/**", "/*.js", "/**.js").permitAll()
.anyRequest().authenticated()
.and()
.logout().logoutSuccessHandler(logoutSuccessHandler()).permitAll();
}在加载我想要访问javascript的网页时,我会得到以下异常:
2020-01-18 16:38:39.941调试7824 -- nio-3000-exec-4 o.s.s.w.a.ExceptionTranslationFilter :访问被拒绝(用户是匿名的);重定向到身份验证入口点
org.springframework.security.access.AccessDeniedException:访问在org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~spring-security-core-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~spring-security-core-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.web被拒绝.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~spring-security-web-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~spring-security-web-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) spring-security-web-4.2.12RELEASE.JAR:4.2.12 org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) ~spring-security-web-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) spring-security-web-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter( spring-security-web-4.2.12.RELEASE.jar:4.2.12.RELEASE at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) spring-security-web-4.2.12.RELEASE.jar:4.2.12.RELEASE )
我声明的其他匹配程序(如"/api/**“)可以在没有登录的情况下使用,但是我自己的安全性阻止了我访问.js文件,尽管我的匹配程序看起来还可以。
我怎样才能解决这个问题?
回答 1
Stack Overflow用户
发布于 2020-01-21 07:23:35
添加:
<security:intercept-url pattern="/resources/**" access="permitAll" />在你的上下文文件中。在这里,资源是所有JS文件所在的目录。
您可以参考以下链接:Spring security does not allow CSS or JS resources to be loaded
https://stackoverflow.com/questions/59802152
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号