1

As stated in the title, when a user is greeted with the welcome page of my spring webapp the embedded html images wont load, just showing the broken image icon. When the user logs in the images are all viewable.

No errors are coming up and I have a feeling it is related to a Spring Security feature, is there any solutions/work arounds for this?

My HTML code:

<a> <img src="src/main/resources/static/images/logo.jpg"> </img></a>

My Controller:

 @RequestMapping(value={"/","home"})
       public String home(){
           return "home";
       }

Project Setup

My WebSecurity:

package com.FYP.Club.Security;


import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import com.FYP.Club.repository.UserLoginRepository;


@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
       UserLoginRepository userLoginRepository;

    //http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")

     @Autowired
     DataSource dataSource;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")
                    .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout()
                    .permitAll();
            http.exceptionHandling().accessDeniedPage("/403");
            http.csrf().disable();
            //disable csrf to allow communication (we also dont need for this fyp as its not live)
        }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {


           auth.jdbcAuthentication().dataSource(dataSource)
          .usersByUsernameQuery("select user_name,password,user_status from user_login where user_name=?")
          .authoritiesByUsernameQuery("select user_name, password from user_login where user_name=?");         


}

    }

Let me know if you need more code!

dimitrisli
  • 20,895
  • 12
  • 59
  • 63
KirstenKali
  • 443
  • 3
  • 8
  • 16

1 Answers1

2

You should configure them to be ignored by Spring Security. For example by adding such method to your WebSecurityConfig:

@Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/fonts/**", "/images/**", "/css/**");
    }

if you request the images with such link: 

<a> <img src="/images/logo.jpg"> </img></a>
bchto
  • 101
  • 1
  • 2