弹簧安全启用后，静态资源不再可用

Question

我在使用一些配置，我的静态资源（js，css等）在Spring应用程序中不再可用。有人可以指出我错过了什么。这是代码。请注意我的JS和CSS位于以下文件夹中。另外请注意，使弹簧的安全性之前，这些资源在我的JSP页面被访问

Web Pages -> 
    WEB-INF -> 
      resources -> 
       and here 2 folders js and css 

我要访问的jQuery的JS文件夹下面的链接

<script src="resources/js/jquery.js"></script> 

，并在浏览器中的错误

加载资源失败：http://localhost:8010/resources/js/js.js服务器响应状态为404（未找到）

@Configuration 
@EnableScheduling  // if you want certain function running on the backend on recurrning basis like very 5 second a function call itself then you have to ensbale this. this will enable all classes defined as Service and Scheduled to be running on backend automatically. see example in com.outbottle.controllers.ScheduledTasks.java 
@ComponentScan("com.outbottle, com.JavaAnatatedClass") //this will import all beans marked as @Controller, or @Repository, or @Service, or @Component in the application context 
@ImportResource({"classpath:beans1.xml"}) //this will import all beans in the application context from this xml file 
@EnableWebMvc 
public class Config extends WebMvcConfigurerAdapter { 

    @Bean 
    public UrlBasedViewResolver setupViewResolver() { 
      ..... 
      ..... 
    } 

    @Override 
    public void addResourceHandlers(ResourceHandlerRegistry registry) { 

     registry.addResourceHandler("/resources/**").addResourceLocations("/WEB-INF/resources/**"); 

    }  

这是安全配置文件。

@Configuration 
@EnableWebSecurity 
//@PropertySource("classpath:jdbc.properties") 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 


    @Autowired 
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { 

     AuthenticationService as = new AuthenticationService();  
     auth.userDetailsService(as); 
    } 


    @Override 
    protected void configure(HttpSecurity http) throws Exception { 

     http.authorizeRequests() 
     .antMatchers("/", "/home", "/REST").permitAll() 
     .antMatchers("/resources/**").permitAll() 
     .antMatchers("/admin/**").access("hasAuthority('ADMIN')") //you have to use hasAuthority because in AuthenticationService you are using GrantedAuthority object. i replaced hasRole with hasAuthority.  check the detailes below in comments 
     .antMatchers("/db/**").access("hasAuthority('ADMIN') and hasAuthority('DBA')") 

     //Custom Login Form with fields and values 
     //.and().formLogin()  //this will show default spring login page 
     .and().formLogin().loginPage("/login") 
     .usernameParameter("ssoId").passwordParameter("password") //these aret the fields on the login page for user and password 
     .and().csrf()    
     .and().exceptionHandling().accessDeniedPage("/Access_Denied"); 

    } 

Answer 1

我做了一些打击和尝试，发现这个工作

registry.addResourceHandler("/resources/js/*").addResourceLocations("/WEB-INF/resources/js/"); 
registry.addResourceHandler("/resources/css/*").addResourceLocations("/WEB-INF/resources/css/"); 

因为某些原因/ WEB-INF /资源/ JS/* **或不工作

而且我很独立将每个目录添加到资源。

Shahzad