Reputation: 348
Spring Boot serving static content blocked by security
I started Spring Boot + Angular application and for now I want to deploy whole thing as a jar. So I created maven config, where angular app gets built and then is copied to /target/classes/resources
But every request to root (localhost:8080) gets blocked by security. When I disable it i can see the page, which means the whole thing is deployed correctly, but somehow spring does not allow me to see it. Here is my simple security config, I want static resources to be unprotected, while any other request requires authentication:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.anyRequest().authenticated()
.and().httpBasic();
}
}
EDIT: A minimal example of my problem is here: https://gitlab.com/jnowacki/security-issue-demo
EDIT 2: I tries all the things from this post: Serving static web resources in Spring Boot & Spring Security application Do I do something wrong on a conceptual level? Is it wrong to serve static content along with Spring Boot app?
Upvotes: 4
Views: 7976
Answers (7)
Reputation: 9
try this:
.requestMatchers(
"/v1/api/get-token",
"/swagger-ui.html",
"/swagger-ui/*",
"/v3/api-docs/**",
"/swagger-resources/**",
"/webjars/**").permitAll()
Upvotes: 0
Reputation: 221
you must match real path, or example:
.pathMatchers("/assets/**", "/static/**")
.permitAll()ere
Upvotes: 0
Reputation: 66
// extends WebSecrityConfiguratesAdapeter
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Overide
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, ALL_ESCAPE)
.antMatchers("*.js")
.antMatchers(")
.antMatchers(BOWER_COMPONENTS)
.antMatchers(I18N)
.antMatchers(CONTENT);
}
}
Upvotes: 0
Reputation: 684
According to StaticResourceLocation docs:
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
will permit access to CSS, JS, ICO, images and NOT to html.
To permit index.html you can use following configuration:
http.authorizeRequests()
.antMatchers("/index.html", "/").permitAll()
.anyRequest().authenticated()
.and().httpBasic();
Upvotes: 0
Reputation: 1
Use this method to allow static resources to be ignored by spring security
//this method allows static resources to be neglected by spring security
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**");
}
Upvotes: 0
Reputation: 9796
Add this additional override:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(AUTH_WHITELIST);
}
where AUTH_WHITELIST will contain the paths to be ignored. For instance:
private static final String[] SWAGGER_AUTH_WHITELIST = {
// -- swagger ui
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/swagger-ui.html",
"/resources/**"
};
Upvotes: 4
Reputation: 15878
try below.
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
Refer spring-securitys-antmatcher
Upvotes: 1
Related Questions
- Spring Boot returns 404 for static resources with docker
- Spring Security not serving static content
- Springboot server problem with serving static content
- Serving Static Html Files From Spring, cant get with Spring Security
- Unable to load static content in spring security
- access static content in secured Spring Boot application
- Spring Boot Not Able to Resolve Static Content
- Serve Angular 2 project from static folder with Spring Security
- Cannot access static files after application is secured
- Serving static Resource with spring boot + spring security