Reputation: 712
Authorization Before Accessing Static Resources In Spring Web App
I have mapped the static resources in my application in spring's configuration xml like this
<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />
Now i want that only users who have authentication and authorization can only access images in that folder as far as authentication is concerned i 've achieved that through spring security like this
<sec:intercept-url pattern="/resources/**" access="isAuthenticated()" />
but i dont want authenticated user to access all of the images in that folder he can access only a subset of images stored in that folder based on certain boundations so what i want that for every request to the image done by the user i want to perform security check whether he is permitted to visit that particular image How To Do that ???
Upvotes: 1
Views: 664
Answers (1)
Reputation: 10339
The simplest solution is to move all non-secured images into a separate folder and to make the folder not secured:
<!-- This line BEFORE resources/** pattern -->
<sec:intercept-url pattern="/resources/nonsecuredimages/**" access="permitAll"/>
<sec:intercept-url pattern="/resources/**" access="isAuthenticated()" />
Upvotes: 1
Related Questions
- Serving static web resources in Spring Boot & Spring Security application
- How to secure dynamic resources in Spring Boot?
- access static content in secured Spring Boot application
- Serving static resources in spring security - Allow access to all files in '/resources/public'
- How to add security to spring based rest api's and static content
- Spring Security for Static Web Project
- Authorization using Spring Security
- Accessing the static content in Spring 3 MVC application with integrated Spring security
- Process static resource with spring security
- How to secure access to static resources in Spring