在使用Spring Security 3.2.0保护应用程序并提供javascript文件时,如何设置内容类型头?
我有一些js文件通过jetty服务器和spring security(3.2.0)提供给Chrome。
@Autowired
public void configureGlobal( AuthenticationManagerBuilder authBuilder ) throws Exception
{
LOGGER.info( "configureGlobal()" );
DaoAuthenticationConfigurer<AuthenticationManagerB uilder, UserDetailsServiceImpl> userServiceConfigurer = authBuilder.userDetailsService(
new UserDetailsServiceImpl() );
// TODO temporary until we get angular to play well with the required csrf token.
HttpSecurity httpSecurity = getHttp();
httpSecurity.csrf().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity> .ExpressionInterceptUrlRegistry interceptUrlRegistry = httpSecurity.authorizeRequests();
interceptUrlRegistry.anyRequest().authenticated();
httpSecurity.authorizeRequests().antMatchers( "/unsecure/**" ).permitAll();
httpSecurity.authorizeRequests().antMatchers( HttpMethod.GET, "/lib/**" ).permitAll();
FormLoginConfigurer<HttpSecurity> formLoginConfigurer = httpSecurity.formLogin();
formLoginConfigurer.loginPage( "/unsecure/login.html" ).permitAll();
}
Resource interpreted as Stylesheet but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:18
Resource interpreted as Script but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:31
Resource interpreted as Script but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:28
Resource interpreted as Script but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:33
Resource interpreted as Script but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:30
Resource interpreted as Stylesheet but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:9
Refused to execute script from 'http://localhost:8080/maggie/lib/boo...otstrap.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled. login.html:1
Refused to execute script from 'http://localhost:8080/maggie/lib/angular/angular.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled. login.html:1
Refused to execute script from 'http://localhost:8080/maggie/lib/ang...gular-route.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled. login.html:1
Refused to execute script from 'http://localhost:8080/maggie/unsecure/authenticate.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
Resource interpreted as Stylesheet but transferred with MIME type text/html: "http://localhost:8080/maggie/unsecure/login.html". login.html:18
Uncaught SyntaxError: Unexpected token <
共有1个答案
你可以参考这个答案。
对于javascript文件,最好禁用安全性:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/the_js_path/**");
}
-
我有一个小型java webapp,由三个微服务组成——api-service、book-service和db-service,所有这些都使用mini kube本地部署在kubernetes集群上。 我计划为api-service和book-service保留单独的UI,从单独的pod提供常见的静态文件,可能是映像。 我能够创建一个前端,为参考本教程的nginx:alpine中的静态文件提供服务。
-
有人可以帮助我解决以下问题吗? 场景。我有一个运行在Azure虚拟机上的Windows服务。服务接收文件,以某种方式修改它们(我们假设它给Word文件添加了自定义属性)并使用MIP SDK用template ID保护它们。 问题。失败,但有以下异常: 出现一个或多个错误。ServiceDiscoveryHelper::GetServiceDetails-无法计算域:许可证域、标识和云endpoin
-
我的大摇大摆的ui显示“参数内容类型”,其中包含各种条目:、、和。 我只想要。 在repo上有一个类似的未解决的问题,它使用了这个可视化(旧的ui,但相同的想法): 版本 版本
-
我有Spring Boot Web应用程序,最初是为内部Tomcat服务器构建的(有效)。然后我采用了该应用程序在Web Logic服务器上运行。我的应用程序编译并部署到服务器没有问题,但当它不服务MVC页面时。每次调用都会抛出404错误。从下面的错误看,它看起来像Spring调度程序servlet存在,但甚至区域设置都没有正确设置。我无法弄清楚这里有什么问题或缺失,但当我创建RestContro
-
本文向大家介绍F# 使用CSV类型提供程序,包括了F# 使用CSV类型提供程序的使用技巧和注意事项,需要的朋友参考一下 示例 给定以下CSV文件: 您可以使用以下脚本读取数据: