Spring Security Thymleaf静态资源不加载

Question

我正在使用Thymleaf和Spring-Security的SpringMVC。 我想使用Thymleaf模板加载一个页面，我可以加载我的静态资源。

我想加载例如位于画面：静态/ IMG /主题/ logo.png从template.html

以下是我有：result

---

template.html：

 


     body> 
      div layout:fragment="content"> 

       a href="">img src="../static/img/theme/logo.png" alt="Logo"> 

       h1>Hello 

      /div> 

     /body> 

---

MvcConfig.java

 

@Configuration 
public class MvcConfig extends WebMvcConfigurerAdapter { 

    @Override 
    public void addViewControllers(ViewControllerRegistry registry) { 
     registry.addViewController("/home").setViewName("home"); 
     registry.addViewController("/index").setViewName("index"); 
     registry.addViewController("/template").setViewName("template"); 
     registry.addViewController("/layout").setViewName("layout"); 
     registry.addViewController("/login").setViewName("login"); 

    } 



    @Override 
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) { 
     configurer.enable(); 
    } 


} 

---

WebSecurityConfig：

 

    @Configuration 
    @EnableWebSecurity 
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 


     //List of all free pages 

     private static final String[] pagesFree = { 
       "/home", 
       "/template", 
       "/layout", 

       //Thymleaf directory 
       "/css/**", 
       "/js/**", 
       "/img/**", 
       "/fonts/**", 
       "/ico/**", 
       "/twitter/**", 
       "/" 
       }; 



     @Override 
     protected void configure(HttpSecurity http) throws Exception { 



      http 
       .authorizeRequests() 
        .antMatchers(pagesFree).permitAll() 
        .anyRequest().authenticated() 
        .and() 
       .formLogin() 
        .loginPage("/login") 
        .permitAll() 
        .and() 
       .logout() 
        .permitAll(); 
     } 

     @Autowired 
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
      auth.inMemoryAuthentication() 
        .withUser("u").password("u").roles("USER"); 
     } 


    } 

---

Source Code tree

Answer 1

在您的安全配置，你会声明是这样的：

/** Public URLs. */ 
private static final String[] PUBLIC_MATCHERS = { 
     "/webjars/**", 
     "/css/**", 
     "/js/**", 
     "/images/**", 
     "/" 
}; 

然后是这样的：

@Override 
protected void configure(HttpSecurity http) throws Exception { 

    List<String> activeProfiles = Arrays.asList(env.getActiveProfiles()); 
    if (activeProfiles.contains("dev")) { 
     http.csrf().disable(); 
     http.headers().frameOptions().disable(); 
    } 

    http 
      .authorizeRequests() 
      .antMatchers(PUBLIC_MATCHERS).permitAll() 
      .anyRequest().authenticated() 
      .and() 
      .formLogin().loginPage("/login").defaultSuccessUrl("/payload") 
      .failureUrl("/login?error").permitAll() 
      .and() 
      .logout().permitAll(); 
} 

而在你Thymeleaf的模板你会声明是这样的：

<img class="featurette-image pull-left" th:src="@{/images/browser-icon-firefox.png}" /> 

项目的工作副本可以发现here。