spring security | security config permitall not working

Question

@EnableWebSecurity public class WebSecurityConfig implements WebMvcConfigurer {

@Bean
public UserDetailsService userDetailsService() throws Exception {
    InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
    manager.createUser(User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build());
    return manager;
}

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests().antMatchers("/css/**").permitAll()
        .anyRequest().authenticated();
}
}

Above code is not working, url: localhost:8080/css/styles.css is redirecting to login page. The code layout is, src/main/resources/static folder has html, css and js folders inside of which files remain.

Thanks in advance.

Answer 1

I think addResourceHandlers method can help you.

public class WebSecurityConfig implements WebMvcConfigurer {

 @Override
 public void addResourceHandlers(final ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/static/**")
        .addResourceLocations("classpath:/static/");
 }
}

it means find your resources in your static folder.

Answer 2

Not sure if this will work, but currently in my project, this is my config. and it's working properly.

    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .antMatchers(HttpMethod.GET, "/js/**", "/css/*", "/images/**")
                .permitAll()
                .anyRequest()
                .authenticated();
        }