如何在Spring Security中允许静态文件夹和css文件作为antMtchers被删除

eit6fx6z 于 2024-01-05 发布在 Spring

关注(0)|答案(1)|浏览(153)

package com.example.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.config.annotation.web.configuration.*;
import com.example.service.CustomUserDetailsService;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Autowired
    CustomUserDetailsService customUserDetailsServcie;
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeHttpRequests()
            .requestMatchers("/registration", "/password-request", "/reset-password", "../static/css",
                "../static/images")
            .permitAll().requestMatchers("home").permitAll().and().formLogin().loginPage("/login")
            .loginProcessingUrl("/login").defaultSuccessUrl("/home", true).permitAll().and().logout()
            .invalidateHttpSession(true).clearAuthentication(true)
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?logout")
            .permitAll();
        return http.build();
    }
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsServcie).passwordEncoder(passwordEncoder());
    }
}

字符串
我看过视频，也读过帖子，但到处都是用antMatchers解决问题的方法。stackoverflow里的大多数帖子都是旧的，现在由于antMatchers在最新的Spring不工作，所以没有任何合适的解决方案。

spring

来源：https://stackoverflow.com/questions/77566854/how-to-allow-static-folder-and-css-files-in-spring-security-as-antmtchers-is-dpe

1条答案

按热度按时间

6qqygrtg1#

您需要添加

http.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()

字符串
配置Spring Security以允许对src/main/resources/static下的资源进行未经身份验证的访问。另外，
第一个月
从你的配置。

赞(0）回复(0）举报 2024-01-05

我来回答

如何在Spring Security中允许静态文件夹和css文件作为antMtchers被删除

1条答案

相关问题

热门标签

最新问答