2017-11-23 3 views
0

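Spring Boot returns login page instead of styles

I have a Spring Boot app, and for some reason every request for css files from the client receives the login page's HTML as the response. There is no error and no redirection, the status is 200, and the HTML is in the response body. What might be the reason for that?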

Login page:

<!DOCTYPE html> 
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:th="http://www.w3.org/1999/xhtml"> 
<head> 
    <meta charset="UTF-8"> 
    <title>Sign in</title> 
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" 
      integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> 
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" 
      integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"> 
    <link th:href="@{/css/login.css}" rel="stylesheet" media="screen"/> 
</head> 
<body> 
<div class="input-group outlet"> 
    <p>Sign in</p> 
    <form th:action="@{/login}" method="post"> 
     <div><input name="username"/></div> 
     <div><input name="password" type="password"/></div> 
     <div> 
      <button type="submit">Login</button> 
     </div> 
     <div th:if="${loginError}"><p>Invalid username or password</p></div> 
    </form> 
</div> 
</body> 
</html> 

Security config:

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
    @Autowired 
    private PasswordEncoder passwordEncoder; 

    //TODO: fix this 
    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .authorizeRequests() 
        .antMatchers("/resources/**", "/css/**").permitAll() 
        .anyRequest().authenticated() 
       .and() 
       .formLogin() 
        .loginPage("/login") 
        .defaultSuccessUrl("/welcome") 
        .failureUrl("/login-error") 
        .permitAll(); 
    } 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth 
       .inMemoryAuthentication() 
       .passwordEncoder(passwordEncoder) 
       .withUser("user").password("password").roles("USER"); 
    } 

    @Bean 
    PasswordEncoder passwordEncoder() { 
     return NoOpPasswordEncoder.getInstance(); 
    } 
} 

Login controller:

@Controller("login") 
public class LoginController { 
    @GetMapping 
    public String login() { 
     return "login"; 
    } 

    @PostMapping 
    public String postLogin() { 
     // TODO 
     return "/welcome"; 
    } 

    @GetMapping("/login-error") 
    public String loginError(Model model) { 
     model.addAttribute("loginError", true); 
     return "login"; 
    } 
} 

Response headers:

Cache-Control:no-cache, no-store, max-age=0, must-revalidate 
Content-Language:en-US 
Content-Type:text/css;charset=UTF-8 
Date:Thu, 23 Nov 2017 17:17:59 GMT 
Expires:0 
Pragma:no-cache 
Transfer-Encoding:chunked 
X-Content-Type-Options:nosniff 
X-Frame-Options:DENY 
X-XSS-Protection:1; mode=block 

Folder structure:

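UPD: An important thing to note is that if I do not explicitly use permitAll() on /css/**, then I get a 302 and am redirected to the login page. If I do, I get a 200 with the content of the login page in the response body instead of the actual content of the CSS file.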

UPD 2: Debug logs from Spring Security during a request for the login page, which should have styles:

2017-11-24 17:43:33.926 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2017-11-24 17:43:33.927 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2017-11-24 17:43:33.938 DEBUG 4088 --- [io-1488-exec-10] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists 
2017-11-24 17:43:33.938 DEBUG 4088 --- [io-1488-exec-10] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created. 
2017-11-24 17:43:33.941 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2017-11-24 17:43:33.942 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]f14213c 
2017-11-24 17:43:33.942 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter' 
2017-11-24 17:43:33.943 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2017-11-24 17:43:33.944 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout 
2017-11-24 17:43:33.944 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2017-11-24 17:43:33.944 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /login 
2017-11-24 17:43:33.944 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2017-11-24 17:43:33.944 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2017-11-24 17:43:33.946 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2017-11-24 17:43:33.947 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 
2017-11-24 17:43:33.947 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2017-11-24 17:43:33.947 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.session.SessionManagementFilter : Requested session ID 3A4BF8C25F0B7B63F9906222B94C800A is invalid. 
2017-11-24 17:43:33.948 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2017-11-24 17:43:33.948 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2017-11-24 17:43:33.950 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /login; Attributes: [permitAll] 
2017-11-24 17:43:33.955 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
2017-11-24 17:43:33.963 DEBUG 4088 --- [io-1488-exec-10] o.s.s.access.vote.AffirmativeBased  : Voter: org.sp[email protected]7f46f895, returned: 1 
2017-11-24 17:43:33.963 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful 
2017-11-24 17:43:33.963 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object 
2017-11-24 17:43:33.963 DEBUG 4088 --- [io-1488-exec-10] o.s.security.web.FilterChainProxy  : /login reached end of additional filter chain; proceeding with original chain 
2017-11-24 17:43:34.826 DEBUG 4088 --- [io-1488-exec-10] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2017-11-24 17:43:34.862 DEBUG 4088 --- [io-1488-exec-10] o.s.s.w.a.ExceptionTranslationFilter  : Chain processed normally 
2017-11-24 17:43:34.862 DEBUG 4088 --- [io-1488-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed 
2017-11-24 17:43:35.015 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2017-11-24 17:43:35.015 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2017-11-24 17:43:35.015 DEBUG 4088 --- [nio-1488-exec-9] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.se[email protected]f14213c 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter' 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /css/login.css' doesn't match 'POST /logout 
2017-11-24 17:43:35.016 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /css/login.css' doesn't match 'POST /login 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6fa8940c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: EACE11EC21F40FE5BD10CC56F71C0DD3; Granted Authorities: ROLE_ANONYMOUS' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
2017-11-24 17:43:35.017 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/css/login.css'; against '/css/**' 
2017-11-24 17:43:35.019 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /css/login.css; Attributes: [permitAll] 
2017-11-24 17:43:35.019 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.sprin[email protected]6fa8940c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: EACE11EC21F40FE5BD10CC56F71C0DD3; Granted Authorities: ROLE_ANONYMOUS 
2017-11-24 17:43:35.021 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.access.vote.AffirmativeBased  : Voter: org.sp[email protected]7f46f895, returned: 1 
2017-11-24 17:43:35.021 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful 
2017-11-24 17:43:35.021 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object 
2017-11-24 17:43:35.021 DEBUG 4088 --- [nio-1488-exec-9] o.s.security.web.FilterChainProxy  : /css/login.css reached end of additional filter chain; proceeding with original chain 
2017-11-24 17:43:35.031 DEBUG 4088 --- [nio-1488-exec-9] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2017-11-24 17:43:35.033 DEBUG 4088 --- [nio-1488-exec-9] o.s.s.w.a.ExceptionTranslationFilter  : Chain processed normally 
2017-11-24 17:43:35.033 DEBUG 4088 --- [nio-1488-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed 

UPD 3: The MVC debug log looks fishy. Why does it map the request for login.css to my login controller?

2017-11-24 19:05:13.967 DEBUG 27408 --- [nio-1488-exec-9] o.s.web.servlet.DispatcherServlet  : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/css/login.css] 
2017-11-24 19:05:13.967 DEBUG 27408 --- [nio-1488-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /css/login.css 
2017-11-24 19:05:13.968 DEBUG 27408 --- [nio-1488-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public java.lang.String zhi.yest.furniture.controller.LoginController.login()] 
2017-11-24 19:05:13.968 DEBUG 27408 --- [nio-1488-exec-9] o.s.web.servlet.DispatcherServlet  : Last-Modified value for [/css/login.css] is: -1 
2017-11-24 19:05:13.969 DEBUG 27408 --- [nio-1488-exec-9] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/css] based on Accept header types and producible media types [*/*]) 
2017-11-24 19:05:13.969 DEBUG 27408 --- [nio-1488-exec-9] o.s.w.servlet.view.BeanNameViewResolver : Found matching bean for view name 'login' - to be ignored since it does not implement View 
2017-11-24 19:05:13.969 DEBUG 27408 --- [nio-1488-exec-9] o.s.w.servlet.view.BeanNameViewResolver : No matching bean found for view name 'login.css' 
2017-11-24 19:05:13.970 DEBUG 27408 --- [nio-1488-exec-9] o.s.w.s.v.ContentNegotiatingViewResolver : No acceptable view found; returning null 
2017-11-24 19:05:13.970 DEBUG 27408 --- [nio-1488-exec-9] o.s.w.servlet.view.BeanNameViewResolver : Found matching bean for view name 'login' - to be ignored since it does not implement View 
2017-11-24 19:05:13.970 DEBUG 27408 --- [nio-1488-exec-9] o.s.web.servlet.DispatcherServlet  : Rendering view [[email protected]] in DispatcherServlet with name 'dispatcherServlet' 
2017-11-24 19:05:13.979 DEBUG 27408 --- [nio-1488-exec-9] o.s.web.servlet.DispatcherServlet  : Successfully completed request 
+1

You did not configure the `path` attribute of `GetMapping`. Did you try `@GetMapping("/login")`? Also, you may try to change the path of the static folder in configure(HttpSecurity http) (so you will be able to access them from the Thymeleaf template with @{/css/main.css}). – dur

+0

@dur Adding `@RequestMapping("/login")` to the controller class fixed the problem. Thank you!
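An added example, not part of the original thread: the login controller from the question with the mappings made explicit, which is the change the comments above converge on. It assumes login.css is served from a Spring Boot static resource location (for example src/main/resources/static/css/), which the page does not show.

```java
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

// The String passed to @Controller is only the Spring bean name, not a URL.
// In the question, @Controller("login") plus a bare @GetMapping left the
// handler without any path restriction, which is why the MVC debug log
// shows LoginController.login() being selected for GET /css/login.css.
@Controller
public class LoginController {

    // Explicit path: this handler now serves GET /login only, so
    // /css/login.css is no longer routed here (assumption: the file
    // exists under a static resource location and is served from there).
    @GetMapping("/login")
    public String login() {
        return "login";
    }

    // Mapped at the top level so it still matches failureUrl("/login-error")
    // in SecurityConfig. Under a class-level @RequestMapping("/login") this
    // method would be reachable at /login/login-error instead.
    @GetMapping("/login-error")
    public String loginError(Model model) {
        model.addAttribute("loginError", true);
        return "login";
    }

    // No @PostMapping: with formLogin(), POST /login is handled by
    // UsernamePasswordAuthenticationFilter (position 6 in the logged
    // filter chain) before the request reaches any controller.
}
```

The security log alone cannot reveal this kind of bug: authorization for /css/login.css succeeds with permitAll, and the wrong handler is only visible in the DispatcherServlet log.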

Answers

1

First, try setting the logging property to debug mode and check it, but I'm pretty sure it's because you are trying to get the resources as an anonymous user; try replacing .permitAll() with .anonymous()

+0

Same result throws Exception { web.ignoring().antMatchers("/resources/**") }

+0

@Override public void configure(WebSecurity web) and – MiCkl

+0

The formatting is bad, but Android app – MiCkl

-1

Try overriding the configure(WebSecurity web) method in SecurityConfig.

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder;

    // fix this
    @Override
    public void configure(WebSecurity web) throws Exception {
        web
            .ignoring()
            .antMatchers("/resources/static/**", "/resources/templates/**");
    }

    // fix this
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/css/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/welcome")
                .failureUrl("/login-error")
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .passwordEncoder(passwordEncoder)
            .withUser("user").password("password").roles("USER");
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
}
+0

All of that has already been suggested, and none of it changes the behavior.
