我正在尝试使用 Spring Boot、Spring Security 和 Thymeleaf 制作一个 Spring MVC 应用。
问题是 - 当我请求一个包含 html 和 css 的页面时,我没有为我的 css 文件获取正确的 MIME 类型,因此 Chrome 无法加载状态为“已取消”和消息“拒绝应用来自‘http://localhost:8080/login’的样式,因为它的 MIME 类型(‘text/html’)不是受支持的样式表 MIME 类型,并且启用了严格的 MIME 检查。”
我正确地链接了 css 文件: ""
css 文件包含在:
资源 -> 静态 -> css -> style.css
我已允许安全配置文件中资源文件夹中的所有资源:
package org.isp.configuration;
import org.isp.services.api.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider
= new DaoAuthenticationProvider();
authProvider.setUserDetailsService(this.userService);
authProvider.setPasswordEncoder(getBCryptPasswordEncoder());
return authProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
String[] permitted = new String[]{
"/", "/home","/register","/about","/png/**",
"/css/**","/icons/**","/img/**","/js/**","/layer/**"
};
http
.authorizeRequests()
.antMatchers(permitted).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.defaultSuccessUrl("/dashboard")
.usernameParameter("username")
.passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout").permitAll()
.and()
.exceptionHandling().accessDeniedPage("/unauthorized")
.and()
.csrf().disable();
}
@Bean
public BCryptPasswordEncoder getBCryptPasswordEncoder(){
return new BCryptPasswordEncoder();
}
}
这是我的 html 页面:
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org" >
<head>
<title>Index</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
**<link rel="stylesheet" href="../static/css/style.css" type="text/css">**
</head>
<body>
<div th:include="~{fragments/navbar :: navbar}"></div>
<div class="container">
<h3>Home</h3>
<p>This is the home page of the project!</p>
</div>
<div th:include="~{fragments/footer :: footer}" class="footer"></div>
</body>
</html>
有什么办法可以解决不正确的 MIME 类型吗?我是否缺少任何配置?
最佳答案
在我的例子中,我必须允许对静态文件的请求才能让它工作。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Overide
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/js/**", "/css/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll();
}
}
关于html - Spring Boot 没有返回正确的 MIME 类型,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49095234/