I am trying to make a login page using spring security, and have added the .css file in the AntMatcher list for permission. but still, I am getting the following error when trying to load the CSS file.
Exception:
home:6 GET http://localhost:8080/defaultStyle.css net::ERR_ABORTED 404
updating with the changed classes.
WebSecurityConfig class Code:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity( jsr250Enabled = true,
prePostEnabled = true )
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
CustomUserDetailsService customUserDetailsService;
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
@Autowired
private CustomAccessDeniedHandler customAccessDeniedHandler;
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception
{
return super.authenticationManagerBean();
}
@Override
public void configure( WebSecurity web ) throws Exception
{
web.ignoring()
.antMatchers( "/*.css" ) // or better ending with ".{js,html}" or something
.antMatchers( "/resources/static/**/*" );
}
@Override
public void configure( HttpSecurity http ) throws Exception
{
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers( "/*", "/admin", "/api/auth/**",
"/static/**",
"/css/*.css",
"/img/**",
"/favicon.ico",
"/**/*.png",
"/**/*.gif",
"/**/*.svg",
"/**/*.jpg",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/webjars/**" ).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage( "/home" )
.loginProcessingUrl( "/login-user" )
.defaultSuccessUrl( "/dashboard" ).permitAll()
.and()
.logout().invalidateHttpSession( true )
.clearAuthentication( true )
.logoutRequestMatcher( new AntPathRequestMatcher( "/logout" ) )
.logoutSuccessUrl( "/login?logout" )
.permitAll().and()
.exceptionHandling().accessDeniedHandler( customAccessDeniedHandler ).authenticationEntryPoint( unauthorizedHandler ).and()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS );
http
.addFilterBefore( jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class );
}
@Autowired
public void globalUserDetails( AuthenticationManagerBuilder auth ) throws Exception
{
auth.userDetailsService( customUserDetailsService )
.passwordEncoder( passwordEncoder() );
}
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
}
Web Config Class
Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer
{
@Override
public void addResourceHandlers( ResourceHandlerRegistry registry )
{
registry
.addResourceHandler( "swagger-ui.html" )
.addResourceLocations( "classpath:/META-INF/resources/" );
registry
.addResourceHandler( "/webjars/**" )
.addResourceLocations( "classpath:/META-INF/resources/webjars/" );
registry
.addResourceHandler( "/static/**" )
.addResourceLocations( "classpath:/static/" );
registry.addResourceHandler( "/css/**" )
.addResourceLocations( "/css/" );
registry.addResourceHandler( "/img/**" )
.addResourceLocations( "/img/" );
registry.addResourceHandler( "/js/**" )
.addResourceLocations( "/js/" );
}
@Override
public void addCorsMappings( CorsRegistry registry )
{
registry.addMapping( "/**" )
.allowedMethods( "POST", "GET", "PUT", "OPTIONS", "DELETE" )
.allowedHeaders( "X-Auth-Token", "Content-Type" )
.exposedHeaders( "custom-header1", "custom-header2" )
.allowCredentials( false )
.maxAge( 4800 );
}
@Override
public void addViewControllers( ViewControllerRegistry registry )
{
System.out.println( "Inside MvcConfig addViewControllers() adding View forgot" );
registry.addViewController( "/admin/home" ).setViewName( "jsp/home" );
registry.addViewController( "/login" ).setViewName( "/login" );
}
}
New Error
edit
I have updated the question with the modified web security file and changed the exception to new exception I am getting now.
