2017-05-09 236 views
0

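I am building a Spring MVC application with Spring Security, using Bootstrap in my HTML files (JSP). Because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

I am currently working to resolve the following error in my application:

"Refused to execute script from 'http://localhost:8080/App/Template/js/modernizr.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled." (the application's login page)

The error message above is from the Chrome developer console.

Here is the basic configuration: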

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    protected void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
        //auth.inMemoryAuthentication().withUser("user").password("123").roles("USER");
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            //.passwordEncoder(passwordEncoder()) decrypt password
            .usersByUsernameQuery("select username as principal, password as credentials, etat as actived from utilisateurs where username=?")
            .authoritiesByUsernameQuery("select u.username as principal, ur.nom_role as role from utilisateurs u inner join roles ur on(u.roles_id=ur.id_role) where u.username=?")
            .rolePrefix("ROLE_");
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    protected void configure(HttpSecurity http) throws Exception {

        http
            .sessionManagement().maximumSessions(100).maxSessionsPreventsLogin(false).expiredUrl("/Login");
        http
            .authorizeRequests()
            .antMatchers("/images/**","/pdf/**","/Template/**","/Views/**","/MainApp.js","/css/**", "/js/**").permitAll()
            .antMatchers("/Users/**").access("hasRole('ADMIN')")
            .antMatchers("/Login").anonymous()
            .anyRequest().authenticated()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .formLogin().loginPage("/Login").permitAll()
            .defaultSuccessUrl("/")
            .failureUrl("/Login?error=true")
            .and()
            .csrf()
            .and()
            .rememberMe().tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(360000);
    }

    @Autowired
    DataSource dataSource;

    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
        db.setDataSource(dataSource);
        return db;
    }

}

- APPConfigurationApplication.java

@SpringBootApplication
@ComponentScan
@ImportResource("SpringBeans.xml")
public class APPConfigurationApplication extends SpringBootServletInitializer {

    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(APPConfigurationApplication.class);
    }

    public static void main(String[] args) {
        SpringApplication.run(APPConfigurationApplication.class, args);
    }
}

- MvcConfig.java

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter{
    @Override
    public void configureDefaultServletHandling(
            DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }
}

- Here are the response headers for that request:

Request URL:http://localhost:8080/App/Login
Request Method:GET
Status Code:200
Remote Address:[::1]:8080
Referrer Policy:no-referrer-when-downgrade

Response Headers

Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:fr-FR
Content-Length:4289
Content-Type:text/html;charset=UTF-8
Date:Tue, 09 May 2017 09:18:15 GMT
Expires:0
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block

Request Headers

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alx-4.0.1
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=6DDBA94C937FADFB889C8CFDDD9E47A3
Host:localhost:8080
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

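But this error only occurs when the application is opened in the browser for the first time. Once I log in and then return to the login page again, the error does not occur.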

EDIT1:

-Web.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> 
    <display-name>Audit_Configuration</display-name> 
    <welcome-file-list> 
    <welcome-file>index.html</welcome-file> 
    <welcome-file>index.htm</welcome-file> 
    <welcome-file>index.jsp</welcome-file> 
    <welcome-file>default.html</welcome-file> 
    <welcome-file>default.htm</welcome-file> 
    <welcome-file>default.jsp</welcome-file> 
    </welcome-file-list> 

    <servlet> 
    <servlet-name>DefaultServlet</servlet-name> 
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class> 
</servlet> 

<!-- DEFAULT --> 
<servlet-mapping> 
    <servlet-name>DefaultServlet</servlet-name> 
    <url-pattern>/Template/css/*</url-pattern> 
</servlet-mapping> 

<servlet-mapping> 
    <servlet-name>js</servlet-name> 
    <url-pattern>/Template/js/*</url-pattern> 
</servlet-mapping> 

<servlet-mapping> 
    <servlet-name>DefaultServlet</servlet-name> 
    <url-pattern>/images/*</url-pattern> 
</servlet-mapping> 

<servlet-mapping> 
    <servlet-name>DefaultServlet</servlet-name> 
    <url-pattern>/pdf/*</url-pattern> 
</servlet-mapping> 

</web-app> 

Here are my files in "static":

here path files

How do I have to configure Spring Security so that I can load css/js files from my /static resources directory?

+0

Take a look at this: http://stackoverflow.com/a/34282044/7081346. –

+0

Thanks for your reply @Jayesh. I tried configuring the **web.xml** file as in the link, but the same problem remains: the JS code does not work – Michael1

+0

Do the same for 'js' instead of CSS (use a different servlet name) –

Answer

0

The solution is to add the following code to the web.xml file:

<servlet>
    <servlet-name>js</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>js</servlet-name>
    <url-pattern>*.js</url-pattern>
</servlet-mapping>
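
The check behind the console message in the question, as an added example that is not part of the original question or answer: a simplified model of the Fetch standard's nosniff rule, which blocks a script or stylesheet when `X-Content-Type-Options: nosniff` is present and the `Content-Type` does not match the destination. The function names, the sample responses and the CSS path are constructed for illustration.

```javascript
// Added example: simplified model of the Fetch standard's nosniff check.
// Function names and sample responses below are constructed for illustration.

// JavaScript MIME type essences from the MIME Sniffing standard.
const JS_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript", "text/javascript1.0",
  "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
  "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// "text/html;charset=UTF-8" -> "text/html"
function mimeEssence(contentType) {
  return (contentType || "").split(";")[0].trim().toLowerCase();
}

// headers: response headers as a plain object; destination: "script" or "style".
function nosniffVerdict(headers, destination) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Only the first comma-separated value of the header is considered.
  const first = (h["x-content-type-options"] || "").split(",")[0].trim();
  if (first.toLowerCase() !== "nosniff") return { blocked: false, essence: null };
  const essence = mimeEssence(h["content-type"]);
  const ok = destination === "script" ? JS_MIME_TYPES.has(essence)
           : destination === "style" ? essence === "text/css"
           : true;
  return { blocked: !ok, essence };
}

// Constructed responses; header values mirror those shown in the question.
const SAMPLES = [
  { url: "/App/Template/js/modernizr.min.js", destination: "script",
    headers: { "Content-Type": "text/html;charset=UTF-8", "X-Content-Type-Options": "nosniff" } },
  { url: "/App/Template/js/modernizr.min.js", destination: "script",
    headers: { "Content-Type": "application/javascript", "X-Content-Type-Options": "nosniff" } },
  { url: "/App/Template/css/bootstrap.min.css", destination: "style",
    headers: { "Content-Type": "text/plain", "X-Content-Type-Options": "nosniff" } },
];

// Returns the entries a browser would refuse to use.
function blockedAssets(samples) {
  return samples
    .map((s) => ({ url: s.url, ...nosniffVerdict(s.headers, s.destination) }))
    .filter((r) => r.blocked);
}

console.log(blockedAssets(SAMPLES));
```

Feeding it the headers copied from the browser's Network tab for the script URL shows whether a servlet-mapping change actually altered the `Content-Type` the asset is served with.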