访问静态资源错误信息
解决方法:
配置文件WebMvcConfig 处理静态资源访问
package com.jayden.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
@Configuration
public class WebMvcConfig extends WebMvcConfigurationSupport {
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");
}
}
security配置文件
package com.jayden.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.web.filter.CharacterEncodingFilter;
import com.jayden.security.ExpiredSessionStrategy;
import com.jayden.security.MyFilterSecurityInterceptor;
import com.jayden.service.impl.UserServiceImpl;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled =true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
SessionRegistry sessionRegistry;
@Autowired
private MyFilterSecurityInterceptor myFilterSecurityInterceptor;
@Bean
public UserDetailsService userService(){
return new UserServiceImpl();
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
PasswordEncoder md5PasswordEncoder() {
return new MD5PasswordEncoder();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/login/**");
web.ignoring().antMatchers("/res/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/toLogin").loginProcessingUrl("/doLogin")
.defaultSuccessUrl("/index")
.failureUrl("/toLogin?error=true");
//解决非thymeleaf的form表单提交被拦截问题
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/toLogin", "/home", "/").permitAll()
.anyRequest()
.authenticated();
//session管理
//session失效后跳转
http.sessionManagement().invalidSessionUrl("/toLogin");
//单用户登录,如果有一个登录了,同一个用户在其他地方登录将前一个剔除下线
//http.sessionManagement().maximumSessions(1).expiredSessionStrategy(expiredSessionStrategy());
//单用户登录,如果有一个登录了,同一个用户在其他地方不能登录
http.sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(true);
//退出删除cookie
http.logout()
.permitAll()
.logoutUrl("/logout") //执行注销的url
.invalidateHttpSession(true) // 指定是否在注销时让httpSession无效
.deleteCookies("JESSIONID") // 清除cookie
.logoutSuccessUrl("/toLogin"); // 注销成功后跳转的url
super.configure(http);
//解决中文乱码问题
CharacterEncodingFilter filter = new CharacterEncodingFilter();
filter.setEncoding("UTF-8");
filter.setForceEncoding(true);
//http.addFilterBefore(filter,CsrfFilter.class);
http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService()).passwordEncoder(md5PasswordEncoder());
}
}
前端页面
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>home</title>
</head>
<body>
<h2>这里是home页,静态页面</h2>
<img alt="图片" src="/res/20190402154237.png" />
</body>
<!-- 引用js -->
<script src="/login/js/city.js" type="text/javascript"></script>
</html>