Spring Security is not loading js and css. (giving 404 error)

Question

I have recently implemented spring security in my MVC system. After implementing this the JS and CSS are not getting loaded in (giving a 404 error).

spring security XML:

<global-method-security secured-annotations="enabled" />
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.png" security="none" />
<http pattern="/**/*.jpg" security="none" />
<http pattern="/**/*.gif" security="none" />
<http pattern="/resources/**" security="none" />

<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true" entry-point-ref="authenticationEntryPoint">

    <!-- Dashboard & resources -->
    <intercept-url pattern="/" access="permitAll" />
    <intercept-url pattern="/loginRequest**" access="permitAll" />
    <intercept-url pattern="/logout**" access="permitAll" />
    <intercept-url pattern="/dashboard**" access="permitAll" />
    <intercept-url pattern="/resources**" access="permitAll" />

    <!-- Incoming Product -->
    <intercept-url pattern="/incomingProduct**" access="hasRole('Administrator') and hasRole('Local_Administrator') and hasRole('Supervisor') and hasRole('Manager')" />

    <!-- Maintanence pages -->
    <intercept-url pattern="/depotUser**" access="hasRole('Administrator') and hasRole('Local_Administrator')" />
    <intercept-url pattern="/product**" access="hasRole('Administrator') and hasRole('Local_Administrator') and hasRole('Supervisor') and hasRole('Manager')" />
    <intercept-url pattern="/productOwner**" access="hasRole('Administrator') and hasRole('Local_Administrator') and hasRole('Supervisor') and hasRole('Manager')" />
    <intercept-url pattern="/storageTank**" access="hasRole('Administrator') and hasRole('Local_Administrator') and hasRole('Supervisor') and hasRole('Manager')" />

    <intercept-url pattern="/admin**" access="hasRole('Administrator')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/error/403" />
    <form-login 
        login-page="/"
        login-processing-url="/loginRequest"
        default-target-url="/dashboard/home"
        authentication-failure-url="/loginPage?invalidLogin=Yes" 
        username-parameter="username"
        password-parameter="password"  
        />
    <logout logout-success-url="/logout" />
    <!-- enable csrf protection -->
    <csrf />

    <custom-filter before="FORM_LOGIN_FILTER" ref="authenticationFilter"/>
</http>

I have defined my resource path in my dispatched servlet XML:

<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />

I am including my JS and CSS as follows:

<script src="./resources/plugins/jQuery/jQuery-2.1.4.min.js"></script>
<!-- Bootstrap 3.3.2 JS -->
<script src="./resources/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<!-- Bootstrap 3.3.4 -->
<link href="./resources/bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css" />

I think there is some mistake that i am overlooking over here.

Can anyone help me?

Thanks, in advance.

Answer 1

Try using jstl core library by adding this line of code on your page.

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

and instead of using this.

<script src="./resources/plugins/jQuery/jQuery-2.1.4.min.js"></script>

try to use this.

<script src="<c:url value="/resources/plugins/jQuery/jQuery-2.1.4.min.js"/>"></script>

Answer 2

I think the you are pointing to incorrect location in <mvc:resources .../>.

It should be <mvc:resources location="/resources/" mapping="/resources/**"/> if all of your js/css files are under src\main\webapp\resources directory.

See this answer.