问题描述
在整合 Spring Boot、Spring Security、Thymeleaf 的练习中,对页面进行调试时,发现如下错误提示:
Refused to execute script from ‘http://localhost:8080/codelib-springsecurity-sample-web/js/ie10-viewport-bug-workaround.js’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled.
Refused to execute script …”,为什么会被拒绝执行呢?进而想到可能是权限的控制问题,亦即是 Spring Security 的静态资源访问配置问题。经核查,的确是这样的问题。
正确配置如下:
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/css/**", "/js/**","/images/**", "/webjars/**", "**/favicon.ico", "/index")
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error")
.permitAll()
.and()
.logout().permitAll();
}
问题在于我原来配置中没有将 “/js/**” 的路径添加到配置中,导致没有验证的用户没有权限访问。
装载自:https://blog.youkuaiyun.com/c4jem/article/details/77131422