java – Spring Security“拒绝执行脚本…”

前端之家收集整理的这篇文章主要介绍了java – Spring Security“拒绝执行脚本…”前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在使用 Spring Security和Bootstrap在我的HTML文件(百里香模板)中构建一个Spring MVC应用程序. Spring Security部分基于Spring Guide for Spring Security,并结合了Spring引导应用程序服务器.

启用S​​pring Security后,引导程序css文件将不会加载错误消息:

Refused to execute script from 'http://localhost:8080/js/bootstrap.min.js' because its MIME type ('text/html') is not executable,and strict MIME type checking is enabled.

上面的错误信息来自chrome开发者控制台.

我试过的

>禁用Spring Security
=> bootstrap css再次工作,但我需要安全
>在春季论坛上搜索,但是没有解决方案的循环链接
>添加资源处理程序,但我看不到处理程序被调用,也不会消失错误
>将资源路径添加到permit调用

我的目录结构:

/main
  |-> /java
       | BootStart.java
       |-> /security
              |SecurityConfiguration.java
  |-> /resources
         |-> /static
               |-> /css /** bootstrap location */
               |-> /js
               |-> /fonts
         |-> /templates
               | /user
                   | sample.html

BootStart.java是由Spring Boot拾取的java文件.

BootStart.java:

@EnableAutoConfiguration
@ComponentScan
public class BootStart {
    public static void main(String[] args) {
        SpringApplication.run(BootStart.class,args);
    }
}

SecurityConfiguration.java:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll();
        http
                .authorizeRequests()
                .antMatchers("/","/resources/static/**").permitAll()
                .anyRequest().authenticated();

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

Sample.html:

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" th:href="@{/css/bootstrap.css}" href="../../css/bootstrap.min.css"/>
    <link rel="stylesheet" th:href="@{/css/bootstrap-theme.css}" href="../../css/bootstrap-theme.min.css"/>
    <title></title>
    <Meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
<div class="alert alert-danger" role="alert">!Basic template!</div>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>

</body>
</html>

目前我在我的pom中使用以下依赖项:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>3.2.4.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.2.4.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>3.2.4.RELEASE</version>
</dependency>

我如何配置Spring Security可以从我的/ static资源目录加载css / js文件

解决方法

请检查这个 answer由其他类似的问题.

如果将js文件放在/ js / dir中,则不应该出现这种MIME错误.
而且,对于javascript文件,最好禁用他们的安全性:

@Override
public void configure(WebSecurity web) throws Exception {
  web.ignoring().antMatchers("/the_js_path/**");
}

猜你在找的Java相关文章