Junjie Junjie - 3 months ago 10
CSS Question

when spring security enabled, resouces(css or js) can't be loaded

The resource is under src/main/resources/static/css or src/main/resources/static/js, I'm using spring boot, and the class of security is:

@Configuration
@EnableWebMvcSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
// http.authorizeRequests().antMatchers("/", "/index", "/quizStart")
// .permitAll().anyRequest().authenticated();
// http.formLogin().loginPage("/login").permitAll().and().logout()
// .permitAll();
}

@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("test").password("test")
.roles("USER");
}
}


It works well (resources can be loaded) when I access "/index" from browser, however, if I uncomment the four lines in the class, resources can not be loaded, the four lines means:

http.authorizeRequests().antMatchers("/", "/index", "/quizStart")
.permitAll().anyRequest().authenticated();
http.formLogin().loginPage("/login").permitAll().and().logout()
.permitAll();


Could anyone help with this ? Thanks in advance.

Answer

You probably want to make sure to have your directory containing those items set as permitAll.

Here's an excerpt from my spring security context file. Under the resources directory, I have js, css, and images folders which are given permissions by this line.

<security:intercept-url pattern="/resources/**" access="permitAll" />