Reputation: 4754
spring security css styles don't work
I have a problem applying css to the web pages, using spring security (3.0.7 version). I have the following config:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/faces/resources/**" filters="none"/>
<intercept-url pattern="/faces/inicio.xhtml" access="permitAll"/>
<intercept-url pattern="/faces/paginas/autenticacion/login.xhtml*" access="permitAll"/>
<intercept-url pattern="/faces/paginas/administracion/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/barco/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/catalogo/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/error/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/plantillas/**" access="permitAll"/>
<intercept-url pattern="/**" access="denyAll" />
By default, I deny access to the whole pages. Then, I apply authorization to the concrete pages specifying their URLs patterns, and they apply first in the given order, being the denyAll rule the last one.
- "inicio.xhtml" is the homepage.
- "login.xhtml" is the login form.
- "administracion" and "barco" directories contain pages that should be accessed just by authenticated users.
- "catalogo" directory contains pages that should be accessed by everyone.
- "error" directory contains the error pages of the app.
- "plantillas" directory contains the template facelets pages of the app (I use JSF2).
The "resources" directory contain images, css files, and javascript. So in the first line I tell spring security not to use the security filter for it.
However, with this configuration, when I run the app, css styles are not applied to pages!!
I've checked that if I turn the default authorization to "permitAll", it works. But I don't want to do that, beacuse it isn't a good practice.
Any idea why not working? I think it should work.
Upvotes: 4
Views: 6041
Answers (1)
Reputation: 8574
This works if you are adding stylesheets inline. For example:
<link type="text/css" rel="stylesheet" href="/resources/style.css" />
If you are using
<h:outputStylesheet>
tag, the url pattern should be like this
<intercept-url pattern="/faces/javax.faces.resource/**" filters="none"/>
Upvotes: 4
Related Questions
- Spring security does not allow CSS or JS resources to be loaded
- Spring security filter is never invoked
- CSS stylesheet doesn't work with Spring Security + Spring Boot + Thymeleaf
- spring security doesn't load the resources (images, css)
- CSS not loaded || Spring
- Why does my Spring Security login.jsp puke CSS and how do I fix it?
- CSS in spring security
- Spring security : css is missing or not loaded in a web browser
- Spring security 3.2 - CSS display issue
- Spring mvc - Css does not work