很抱歉问了这么一个愚蠢的问题,但经过两个小时的努力,我终于放弃了。链接到github
bootstrap在http“/”上可以完美地工作,但在子页面“/item/show”上却不能。我有注销输出 Authorized public object filter invocation [GET /item/webjars/bootstrap/5.0.1/js/bootstrap.js] 我想应该是这样 [GET webjars/bootstrap/5.0.1/js/bootstrap.js] 但我不知道如何正确设置它。
@Slf4j
@RequiredArgsConstructor
@Component
public class defaultLoader implements CommandLineRunner {
private final PasswordEncoder passwordEncoder;
private final AuthorityRepository authorityRepository;
private final RoleRepository roleRepository;
private final UserRepository userRepository;
@Override
public void run(String... args) throws Exception {
loadAccount();
}
private void loadAccount() {
var storeItemCreate = authorityRepository.save(Authority.builder().permission("store.item.create").build());
var storeItemRead = authorityRepository.save(Authority.builder().permission("store.item.read").build());
var storeItemUpdate = authorityRepository.save(Authority.builder().permission("store.item.update").build());
var storeItemDelete = authorityRepository.save(Authority.builder().permission("store.item.delete").build());
var admin = roleRepository.save(Role.builder().
authority(storeItemCreate).
authority(storeItemRead).
authority(storeItemUpdate).
authority(storeItemDelete).
name("ADMIN").build());
var customer = roleRepository.save(Role.builder().
authority(storeItemRead).
name("CUSTOMER").
build());
userRepository.save(User.builder().
role(admin).
username("admin").
password(passwordEncoder.encode("admin")).
email("admin@admin.com").
build()
);
userRepository.save(User.builder().
role(customer).
username("user").
password(passwordEncoder.encode("user")).
email("user@user.com").
build()
);
}
}@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
private final UserRepository userRepository;
private final UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//H2 in mem settings
http.authorizeRequests(authorize -> {
authorize
.antMatchers("/h2-console/**").permitAll() //do not use in production!
.antMatchers("/", "/login", "/resources/**").permitAll()
.antMatchers("/css/**", "/js/**", "/webjars/**","**/webjars/**").permitAll();
}).
httpBasic().
and().csrf().ignoringAntMatchers("/h2-console/**")
.and().headers().frameOptions().sameOrigin().and();
//Loggin
http.formLogin(configurer ->{
configurer
.loginProcessingUrl("/login")
.loginPage("/login").permitAll()
.successForwardUrl("/")
.defaultSuccessUrl("/")
.failureUrl("/login/?error");
} ).
logout(configurer ->{
configurer.
logoutRequestMatcher(new AntPathRequestMatcher("/logout","GET")).
logoutSuccessUrl("/").
permitAll();
} );
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
web.
ignoring().
antMatchers("/resources/**", "/static/**","/webjars/**");
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
UserDetailsService AppUserDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
return userRepository.findByUsername(s).orElseThrow(() -> new UsernameNotFoundException("User : " + s + " not found"));
}
};
}
}package orchowski.tomasz.ecommercedemo.controller.item;
import orchowski.tomasz.ecommercedemo.security.permision.PermissionStoreItemCreate;
import orchowski.tomasz.ecommercedemo.security.permision.PermissionStoreItemRead;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping("/item")
public class itemController {
@PermissionStoreItemCreate
@GetMapping("/create")
public String itemAddController() {
return "item/create";
}
@PermissionStoreItemRead
@GetMapping("/show")
public String itemRead(Model model) {
return "item/show";
}
}@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasAuthority('store.item.read')")
public @interface PermissionStoreItemRead {
}这是我对“/item/show”有问题的模板页面
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
<meta charset="UTF-8">
<title>store</title>
<link th:rel="stylesheet" th:href="@{webjars/bootstrap/5.0.1/css/bootstrap.min.css}">
</head>
<body>
<div class="container">
<div class="row">
<div class="col-sm-12">
<nav th:replace="fragments/navbar :: nav"></nav>
</div>
</div>
<div class="alert alert-warning" role="alert">Tudududu</div>
<h1>Lista</h1>
</div>
<script th:src="@{webjars/jquery/3.0.0/jquery.min.js}"></script>
<script th:src="@{webjars/popper.js/2.9.2/umd/popper.js}"></script>
<script th:src="@{webjars/bootstrap/5.0.1/js/bootstrap.js}"></script>
</body>
</html>
1条答案
按热度按时间zpqajqem1#
问题出在thymeleaf'item/show.html'中正确的模板是