问题描述
我有一个问题应用CSS到网页,使用spring security(3.0.7版本)。我有以下配置:
I have a problem applying css to the web pages, using spring security (3.0.7 version). I have the following config:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/faces/resources/**" filters="none"/>
<intercept-url pattern="/faces/inicio.xhtml" access="permitAll"/>
<intercept-url pattern="/faces/paginas/autenticacion/login.xhtml*" access="permitAll"/>
<intercept-url pattern="/faces/paginas/administracion/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/barco/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/catalogo/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/error/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/plantillas/**" access="permitAll"/>
<intercept-url pattern="/**" access="denyAll" />
默认情况下,我拒绝访问整个页面。然后,我将授权应用到指定其URL模式的具体页面,并且它们以给定顺序首先应用,其中denyAll规则是最后一个。
By default, I deny access to the whole pages. Then, I apply authorization to the concrete pages specifying their URLs patterns, and they apply first in the given order, being the denyAll rule the last one.
- inicio.xhtml是首页。
- login.xhtml是登录表单。
- administracion和barco 目录包含只能由经过身份验证的用户访问的页面。
- catalogo目录包含应由所有人访问的页面。
- 目录包含应用程序的错误页面。
- plantillas目录包含
应用程序(我使用JSF2)的模板facelets页面。
- "inicio.xhtml" is the homepage.
- "login.xhtml" is the login form.
- "administracion" and "barco" directories contain pages that should be accessed just by authenticated users.
- "catalogo" directory contains pages that should be accessed by everyone.
- "error" directory contains the error pages of the app.
- "plantillas" directory contains the template facelets pages of theapp (I use JSF2).
resources目录包含图像,css文件和javascript。所以在第一行我告诉弹簧安全不要使用安全过滤器。
The "resources" directory contain images, css files, and javascript. So in the first line I tell spring security not to use the security filter for it.
但是,使用这个配置,当我运行应用程序,css样式不应用到页面。
However, with this configuration, when I run the app, css styles are not applied to pages!!
我已经检查,如果我把默认授权为permitAll,它的工作原理。但我不想这样做,因为它不是一个好的做法。
I've checked that if I turn the default authorization to "permitAll", it works. But I don't want to do that, beacuse it isn't a good practice.
任何想法为什么不工作?我认为它应该工作。
Any idea why not working? I think it should work.
推荐答案
如果你添加样式表在线,这将工作。例如:
This works if you are adding stylesheets inline. For example:
<link type="text/css" rel="stylesheet" href="/resources/style.css" />
如果您使用
<h:outputStylesheet>
标记,网址格式应该如下
tag, the url pattern should be like this
<intercept-url pattern="/faces/javax.faces.resource/**" filters="none"/>
这篇关于spring security css样式不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!