3

I have a Spring Boot webapp with some security configurations for different routes. The project has some resources listed as follows:

  • resources/
    • static/
      • css/
      • img/
      • js/
      • libs/
    • templates/
    • config-files/
    • application.properties

The problem is that while I can load my views (without styles) through the template engine (Thymeleaf), all requests to static content return a 401 code.

Now, I searched and found a lot of content regarding this issue. The funny part here is that neither js, libs nor css files are being loaded, BUT images ARE being displayed. To clarify: even images are returning 401 codes while being displayed.

Some of the already asked questions I've found are:

And I've dug around a lot of spring documentation


So here are my config, security & login files by th, which I've tampered with a lot but still nothing works:

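import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@EnableWebMvc
@Configuration
@ImportResource({"classpath:mongo-config.xml"})
public class ProjectConfiguration implements WebMvcConfigurer {

    // Serve the four public URL prefixes from the matching folders under static/.
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler(
                "/img/**",
                "/css/**",
                "/js/**",
                "/libs/**")
                .addResourceLocations(
                        "classpath:/static/img/",
                        "classpath:/static/css/",
                        "classpath:/static/js/",
                        "classpath:/static/libs/");
    }
}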

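import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Rules are evaluated top to bottom; the first matching antMatchers() line wins.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("Security Config");
        http    .csrf().disable()
                .httpBasic().disable()
                .authorizeRequests()
                    .antMatchers("/js/**","/css/**","/img/**","/libs/**").permitAll()
                    .antMatchers("/userManagement", "/userManagement/**", "/rest/auth").permitAll()
                    .antMatchers("/admin", "/admin/**").hasRole("ADMIN")
                    .antMatchers("/managementSettings", "/managementSettings/**").hasRole("MANAGEMENT")
                    .antMatchers("/user/**").hasRole("USER")
                    .antMatchers("/**").hasAnyRole("USER", "DEMO", "MANAGEMENT")
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .successHandler( CustomSimpleURLAuthenticationSuccesHandler())
                    .failureUrl("/login?error")
                    .and()
                .logout()
                    .permitAll()
                    .logoutRequestMatcher( new AntPathRequestMatcher("/logout"))
                    .logoutSuccessUrl("/login")
                    .and()
                .addFilterAfter(AjaxRedirectFilter(), ExceptionTranslationFilter.class)
                .headers()
                    .httpPublicKeyPinning()
                    .addSha256Pins("*********************","*************************")
                    .includeSubDomains(true)
                    .maxAgeInSeconds(10000);
    }

    // Requests matching these patterns bypass the Spring Security filter chain entirely.
    @Override
    public void configure(WebSecurity web) {
        web
                .ignoring()
                .antMatchers("/js/**","/css/**","/img/**","/libs/**");
    }
}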

<div class="content">
    <img style="margin:auto" class="img-responsive" th:src="@{/img/logo.png}"/>
</div>

I would like to point out a few things:

  1. @{/img/logo.png} seems to be the correct endpoint to request from the view, because if I change anything here images do not display.

  2. In the same way, if I change any route in the security or config files images do not display, so the routes must be correct in there too.

  3. If I open the browser developer tools and check the network tab it says: "Failed to load response data", but if I double-click the file it does in fact open the js resource as plain text loaded from the server (dev tools capture & plain text jQuery display).


So, with all this being said, how can I load all my static files in my view? I don't mind having custom or default paths as long as I'm able to access my files

AngelMS

2 Answers

1

After a lot of research and hours trying to solve the problem, the solution was removing outdated REST API code that was messing with the whole project's security stuff.

The typical stuff to expect from a project migration.

AngelMS
0

You must configure security on asset URLs to permitAll, like the fifth section of this tutorial: https://www.baeldung.com/spring-mvc-static-resources. I guess.
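
A regression test for the behaviour discussed in this thread, as an added example that is not part of the question or either answer: it requests the four public prefixes anonymously and fails if anything in the filter stack (the security rules or other code in the project) answers 401 or 403. It assumes JUnit 5 with spring-boot-starter-test on the test classpath; the class name and every file name except /img/logo.png are placeholders.

```java
// Added example, not code from the thread. File names other than /img/logo.png
// are placeholders: a 404 for a missing file still passes, because only
// 401/403 mean the request was blocked before the resource handler ran.
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc // MockMvc applies the security chain and the other Filter beans
class StaticResourceAccessTest {

    @Autowired
    private MockMvc mockMvc;

    // One sample URL per prefix listed in permitAll() and web.ignoring().
    @ParameterizedTest
    @ValueSource(strings = {"/img/logo.png", "/css/site.css", "/js/app.js", "/libs/lib.js"})
    void staticResourcesAreReachableWithoutLogin(String path) throws Exception {
        int status = mockMvc.perform(get(path)).andReturn().getResponse().getStatus();
        assertNotEquals(401, status, path + " was rejected as unauthenticated");
        assertNotEquals(403, status, path + " was rejected as forbidden");
    }

    // Guard against curing the 401s by opening everything: /admin must stay closed.
    @Test
    void adminIsNotServedToAnonymousUsers() throws Exception {
        int status = mockMvc.perform(get("/admin")).andReturn().getResponse().getStatus();
        assertNotEquals(200, status, "/admin must not be served without authentication");
    }
}
```

Run it before and after a migration or cleanup: if the static-path test fails while the matchers in SecurityConfiguration are unchanged, the rejection is coming from some other part of the application.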