I have a problem applying css to the web pages, using spring security (3.0.7 version). I have the following config:
我使用spring security(3.0.7版本)将css应用于web页面有一个问题。我有以下配置:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/faces/resources/**" filters="none"/>
<intercept-url pattern="/faces/inicio.xhtml" access="permitAll"/>
<intercept-url pattern="/faces/paginas/autenticacion/login.xhtml*" access="permitAll"/>
<intercept-url pattern="/faces/paginas/administracion/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/barco/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/catalogo/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/error/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/plantillas/**" access="permitAll"/>
<intercept-url pattern="/**" access="denyAll" />
By default, I deny access to the whole pages. Then, I apply authorization to the concrete pages specifying their URLs patterns, and they apply first in the given order, being the denyAll rule the last one.
默认情况下,我拒绝访问整个页面。然后,我对指定url模式的具体页面应用授权,它们首先按照给定的顺序应用,即denyAll规则最后一个。
- "inicio.xhtml" is the homepage.
- “inicio。xhtml”是主页。
- "login.xhtml" is the login form.
- ”登录。xhtml“是登录表单。
- "administracion" and "barco" directories contain pages that should be accessed just by authenticated users.
- “adminacion”和“barco”目录包含应该仅由经过身份验证的用户访问的页面。
- "catalogo" directory contains pages that should be accessed by everyone.
- “catalogo”目录包含每个人都应该访问的页面。
- "error" directory contains the error pages of the app.
- “error”目录包含应用程序的错误页面。
- "plantillas" directory contains the template facelets pages of the app (I use JSF2).
- “plantillas”目录包含应用程序的模板facelets页(我使用JSF2)。
The "resources" directory contain images, css files, and javascript. So in the first line I tell spring security not to use the security filter for it.
“资源”目录包含图像、css文件和javascript。所以在第一行,我告诉spring security不要使用安全过滤器。
However, with this configuration, when I run the app, css styles are not applied to pages!!
但是,有了这个配置,当我运行这个应用程序时,css样式就不会应用到页面上了!
I've checked that if I turn the default authorization to "permitAll", it works. But I don't want to do that, beacuse it isn't a good practice.
我检查过,如果我将默认授权转换为“permitAll”,它就可以工作。但我不想那样做,因为这不是一个好的练习。
Any idea why not working? I think it should work.
知道为什么不工作吗?我认为这应该行得通。
1 个解决方案
#1
4
This works if you are adding stylesheets inline. For example:
如果您正在内联地添加样式表,这是可行的。例如:
<link type="text/css" rel="stylesheet" href="/resources/style.css" />
If you are using
如果您使用的是
<h:outputStylesheet>
tag, the url pattern should be like this
标签,url模式应该是这样的。
<intercept-url pattern="/faces/javax.faces.resource/**" filters="none"/>
#1
4
This works if you are adding stylesheets inline. For example:
如果您正在内联地添加样式表,这是可行的。例如:
<link type="text/css" rel="stylesheet" href="/resources/style.css" />
If you are using
如果您使用的是
<h:outputStylesheet>
tag, the url pattern should be like this
标签,url模式应该是这样的。
<intercept-url pattern="/faces/javax.faces.resource/**" filters="none"/>