Mayank Sharma
Mayank Sharma

Reputation: 712

Authorization Before Accessing Static Resources In Spring Web App

I have mapped the static resources in my application in spring's configuration xml like this

<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />

Now i want that only users who have authentication and authorization can only access images in that folder as far as authentication is concerned i 've achieved that through spring security like this

<sec:intercept-url pattern="/resources/**" access="isAuthenticated()" />

but i dont want authenticated user to access all of the images in that folder he can access only a subset of images stored in that folder based on certain boundations so what i want that for every request to the image done by the user i want to perform security check whether he is permitted to visit that particular image How To Do that ???

Upvotes: 1

Views: 664

Answers (1)

Michael
Michael

Reputation: 10339

The simplest solution is to move all non-secured images into a separate folder and to make the folder not secured:

<!-- This line BEFORE resources/** pattern -->
<sec:intercept-url pattern="/resources/nonsecuredimages/**" access="permitAll"/>
<sec:intercept-url pattern="/resources/**" access="isAuthenticated()" />

Upvotes: 1

Related Questions