我正在尝试通过包含 Angular 构建文件来构建 war 文件。我在里面放置了 Angular 7 构建文件
src/main/resources/static
文件夹。我正在使用 Gradle 作为构建工具。
安全类如下所述。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableGlobalAuthentication
public class JWTWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtUnAuthorizedResponseAuthenticationEntryPoint jwtUnAuthorizedResponseAuthenticationEntryPoint;
@Autowired
private UserDetailsService jwtInMemoryUserDetailsService;
@Autowired
private JwtTokenAuthorizationOncePerRequestFilter jwtAuthenticationTokenFilter;
@Value("${jwt.get.token.uri}")
private String authenticationPath;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(jwtInMemoryUserDetailsService)
.passwordEncoder(passwordEncoderBean());
}
@Bean
public PasswordEncoder passwordEncoderBean() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
//.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"/fbts/api**").permitAll()
.anyRequest().authenticated().and()
.httpBasic()
.and().formLogin().disable();
httpSecurity
.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity
.headers()
.frameOptions().sameOrigin() //H2 Console Needs this setting
.cacheControl(); //disable caching
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity
.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
)
.antMatchers(HttpMethod.OPTIONS, "/**")
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/" //Other Stuff You want to Ignore
)
.and()
.ignoring()
.antMatchers("/h2-console/**/**");
}
}
我是否要添加任何内容以忽略 .js 文件。我也尝试忽略 .js 文件,但是当我忽略 .js 文件时,我的 Rest API 不安全。感谢您的帮助。
最佳答案
在您的最后一行代码 .antMatchers("/h2-console/**/**");
中,您必须添加应从授权中排除的所有资源。
比如
.antMatchers("/h2-console/**/**"."/resources/**", "/static/**", "/assets/**", "/index. html", "/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*. gif", "/**/*.svg", "/**/favicon.ico");
关于angular - Spring Boot 安全性未加载 Angular 7 应用程序构建文件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59301456/