Brarord

Reputation: 651

How to fix access to resources using spring security?

I just copied a login/register form with Spring Security from the web and I have huge problems. I want to make all resources PUBLIC for all, because after 5 hours I totally don't know what is f****** going on with this Spring Security.

Ok here is my configure method 1:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
...
...
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // URLs matching for access rights
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .antMatchers("/register").permitAll()
            .antMatchers("/DBDesign").permitAll()
            .antMatchers("/index").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .antMatchers("/user/**").hasAuthority("USER")
            .anyRequest().authenticated()
            .and()
            // form login
            .csrf().disable().formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            .successHandler(sucessHandler)
            .usernameParameter("email")
            .passwordParameter("password")
            .and()
            // logout
            .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/").and()
            .exceptionHandling()
            .accessDeniedPage("/access-denied");
}

configuration method 2:

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**", "/static/**", "/common/**", "/js/**", "/images/**");
    }
}

configuration method 3:

@Configuration
public class WebMvcConfig implements WebMvcConfigurer{
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry
                .addResourceHandler("/webjars/**", "/static/**", "/templates/**")
                .addResourceLocations("/webjars/", "classpath:/static/", "classpath:/templates/");
    }
}

I am 100% sure that one of these methods is responsible for managing the directories that are to be available before logging in and which are not. Guys, please can someone explain how exactly this works? Look, this is my temporary file structure:


green --- I have access

red --- I don't have access

I can copy and paste the path to "green" files and see what is inside, but if I am trying to do the same thing for red files... error 404. How is this possible? Only those 2x don't have permission.

Upvotes: 1

Views: 297

Answers (1)

Dirk Deyne

Reputation: 6936

The resource handler /static/** points to classpath:/static/

So the security-filter should ignore requests to /sidebar/**, ....

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/sidebar/**","/diagramER/**", .....);
}

Then you can use in your pages something like

<html lang="en">
<head>
    ....
    <script src="/sidebar/js/main.js" ></script>
    <script src="/diagramER/DBDesign.js" ></script>
    <link rel="stylesheet" type="text/css" href="/sidebar/common/style.css">
</head>

Upvotes: 1
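
An alternative to the ignoring() rule in the answer above, as an added example that is not part of the original question or answer: the same URL patterns are opened with permitAll() inside configure(HttpSecurity), so requests for them still pass through the security filter chain (and receive its response headers) instead of bypassing it. The class name is hypothetical, the URL patterns are taken from the question and the answer, and the Spring Security 5 WebSecurityConfigurerAdapter API used in the question is assumed.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; added example, not the asker's or answerer's code.
@Configuration
@EnableWebSecurity
public class StaticResourceSecurityConfiguration extends WebSecurityConfigurerAdapter {

    // URL patterns from the question's ignoring() list plus the answer's two.
    // They match the request URL, not the file's classpath location.
    private static final String[] PUBLIC_ASSETS = {
        "/sidebar/**", "/diagramER/**", "/resources/**", "/static/**",
        "/common/**", "/js/**", "/images/**"
    };
    private static final String[] PUBLIC_PAGES = {
        "/", "/login", "/register", "/DBDesign", "/index"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Rules are evaluated top to bottom and the first match wins,
                // so the public patterns must come before anyRequest().
                .antMatchers(PUBLIC_ASSETS).permitAll()
                .antMatchers(PUBLIC_PAGES).permitAll()
                .antMatchers("/admin/**").hasAuthority("ADMIN")
                .antMatchers("/user/**").hasAuthority("USER")
                .anyRequest().authenticated()
                .and()
            // The question's successHandler field is not shown on the page, so it is omitted.
            .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=true")
                .usernameParameter("email")
                .passwordParameter("password")
                .and()
            .logout()
                .logoutSuccessUrl("/")
                .and()
            .exceptionHandling()
                .accessDeniedPage("/access-denied");
        // No configure(WebSecurity) override: nothing bypasses the filter chain.
        // CSRF protection stays at the framework default (enabled) in this example.
    }
}
```

With form login configured this way, an unauthenticated request stopped by anyRequest().authenticated() is redirected to /login, so a 404 on a permitted URL points at the resource handler mapping rather than at a security rule.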