我正在 HTML 文件 (JSP) 中使用 Spring Security 和 Bootstrap 构建 Spring MVC 应用程序。

我目前正在努力修复我的应用程序中的以下错误:

"Refused to execute script from 'http://localhost:8080/App/Template/js/modernizr.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled." (login page of app)

上面的错误消息来自 Chrome 开发者控制台。

这里是基本配置

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(securedEnabled=true) 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ 
 
@Autowired 
      protected void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception { 
     //auth.inMemoryAuthentication().withUser("user").password("123").roles("USER"); 
         auth.jdbcAuthentication() 
             .dataSource(dataSource) 
             //.passwordEncoder(passwordEncoder()) décrupt paswd 
             .usersByUsernameQuery("select username as principal, password as credentials, etat as actived from utilisateurs where username=?") 
             .authoritiesByUsernameQuery("select u.username as principal, ur.nom_role as role from utilisateurs u inner join roles ur on(u.roles_id=ur.id_role) where u.username=?") 
             .rolePrefix("ROLE_"); 
     } 
 
@Bean 
    public PasswordEncoder passwordEncoder(){ 
        PasswordEncoder encoder = new BCryptPasswordEncoder(); 
        return encoder; 
    } 
 
    @Override 
    public void configure(WebSecurity web) throws Exception { 
        web.ignoring().antMatchers("/resources/**"); 
    } 
 
protected void configure(HttpSecurity http) throws Exception { 
 
        http 
          .sessionManagement().maximumSessions(100).maxSessionsPreventsLogin(false).expiredUrl("/Login"); 
          http 
           .authorizeRequests() 
           .antMatchers("/images/**","/pdf/**","/Template/**","/Views/**","/MainApp.js","/css/**", "/js/**").permitAll() 
           .antMatchers("/Users/**").access("hasRole('ADMIN')") 
           .antMatchers("/Login").anonymous() 
           .anyRequest().authenticated() 
           .and() 
           .exceptionHandling().accessDeniedPage("/403") 
           .and() 
           .formLogin().loginPage("/Login").permitAll() 
           .defaultSuccessUrl("/") 
           .failureUrl("/Login?error=true") 
               .and() 
               .csrf() 
               .and() 
                .rememberMe().tokenRepository(persistentTokenRepository()) 
                .tokenValiditySeconds(360000); 
   } 
 
@Autowired 
DataSource dataSource; 
 
@Bean 
public PersistentTokenRepository persistentTokenRepository() { 
        JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl(); 
        db.setDataSource(dataSource); 
        return db; 
    } 
 
} 

-APPConfigurationApplication.java:

@SpringBootApplication   
@ComponentScan 
@ImportResource("SpringBeans.xml") 
public class APPConfigurationApplication extends SpringBootServletInitializer { 
 
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { 
        return application.sources(APPConfigurationApplication.class); 
    } 
 
    public static void main(String[] args) { 
        SpringApplication.run(APPConfigurationApplication.class, args); 
 
    } 

-MvcConfig.java:

@Configuration 
public class MvcConfig  extends WebMvcConfigurerAdapter{ 
 @Override 
public void configureDefaultServletHandling( 
     DefaultServletHandlerConfigurer configurer) { 
            configurer.enable(); 
 
} 
} 

-以下是请求的响应 header :

Request URL:http://localhost:8080/App/Login 
 
Request Method:GET 
 
Status Code:200  
 
Remote Address:[::1]:8080 
 
Referrer Policy:no-referrer-when-downgrade 
 
Response Headers 
 
view source 
 
Cache-Control:no-cache, no-store, max-age=0, must-revalidate 
 
Content-Language:fr-FR 
 
Content-Length:4289 
 
Content-Type:text/html;charset=UTF-8 
 
Date:Tue, 09 May 2017 09:18:15 GMT 
 
Expires:0 
 
Pragma:no-cache 
 
X-Content-Type-Options:nosniff 
 
X-Frame-Options:DENY 
 
X-XSS-Protection:1; mode=block 
 
Request Headers 
 
view source 
 
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 
 
Accept-Encoding:gzip, deflate, sdch, br 
 
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 
 
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alx-4.0.1 
 
Cache-Control:max-age=0 
 
Connection:keep-alive 
 
Cookie:JSESSIONID=6DDBA94C937FADFB889C8CFDDD9E47A3 
 
Host:localhost:8080 
 
Upgrade-Insecure-Requests:1 
 
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,  
 
like Gecko) Chrome/57.0.2987.133 Safari/537.36 

但此错误仅在首次在浏览器中打开应用程序时发生。一旦我继续登录,然后再次返回登录页面,就不会出现该错误。

编辑1:

-Web.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> 
  <display-name>Audit_Configuration</display-name> 
  <welcome-file-list> 
    <welcome-file>index.html</welcome-file> 
    <welcome-file>index.htm</welcome-file> 
    <welcome-file>index.jsp</welcome-file> 
    <welcome-file>default.html</welcome-file> 
    <welcome-file>default.htm</welcome-file> 
    <welcome-file>default.jsp</welcome-file> 
  </welcome-file-list> 
 
  <servlet> 
  <servlet-name>DefaultServlet</servlet-name> 
  <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class> 
</servlet> 
 
 <!-- DEFAULT --> 
<servlet-mapping> 
    <servlet-name>DefaultServlet</servlet-name> 
    <url-pattern>/Template/css/*</url-pattern> 
</servlet-mapping> 
 
<servlet-mapping> 
    <servlet-name>js</servlet-name> 
    <url-pattern>/Template/js/*</url-pattern> 
</servlet-mapping> 
 
<servlet-mapping> 
    <servlet-name>DefaultServlet</servlet-name> 
    <url-pattern>/images/*</url-pattern> 
</servlet-mapping> 
 
<servlet-mapping> 
    <servlet-name>DefaultServlet</servlet-name> 
    <url-pattern>/pdf/*</url-pattern> 
</servlet-mapping> 
 
</web-app> 

这是我的“静态”文件

here path files

我必须如何配置 Spring Security 才能从/static 资源目录加载 css/js 文件?

请您参考如下方法:

解决方案是在 web.xml 文件中添加以下代码:

<servlet> 
  <servlet-name>js</servlet-name> 
  <servlet-class>org.a‌​pache.catalina.servl‌​ets.DefaultServlet</‌​servlet-class> 
</serv‌​let> 
<servlet-mapping‌​> 
  <servlet-name>js</s‌​ervlet-name> 
  <url-pat‌​tern>*.js</url-patte‌​rn> 
</servlet-mapping‌​> 


评论关闭
IT源码网

微信公众号号:IT虾米 (左侧二维码扫一扫)欢迎添加!