Spring Security refuses to serve Static content (Javascript files)

Question

I'm working a school project at the moment, where I am trying to implement the login functionality of Spring Security on a Spring Boot project.

Unfortunately, I've hit a wall in regards to loading my Javascript files, and after scouring the net for all possible solutions, I still haven't found any answer to my problem.

I have a lot of repeat-code in regards to the resources, but I'm simply trying to cover all of my bases.

This is my Spring Security configuration class:

@Configuration
@EnableWebMvc
public class ApplicationSecurityConfiguration extends WebSecurityConfigurerAdapter implements WebMvcConfigurer
{
@Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/**/*.js").permitAll()
                .antMatchers("/**.js").permitAll()
                .antMatchers("/resources/**").permitAll()
                .antMatchers("/*.js").permitAll()
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login").permitAll()
                .and()
                .logout().invalidateHttpSession(true)
                .clearAuthentication(true)
                .logoutRequestMatcher(new AntPathRequestMatcher("logout"))
                .logoutSuccessUrl("/logout-success").permitAll();
    }

@Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/h2-console/**")
                .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/img/**", "/icon/**");
    }

This is my HTML code, where I am aiming at my generic /static/js/script.js file. The file is index in resources/templates/ folder

<script type="text/javascript" th:src="@{/js/script.js}"></script>

And this is my folder structure, where I've put an arrow to show where the script.js file is placed.

│   ├───com
│   │   └───adventurealley
│   │       └───aafcro
│   │           ├───authorization
│   │           ├───bootstrap
│   │           ├───controller
│   │           ├───model
│   │           ├───repository
│   │           ├───restcontroller
│   │           └───service
│   ├───static
│   │   ├───css
│   │   └───js -> script.js
└───templates -> index.html

Unfortunately, it is simply not possible to reach the script.js file in any shape or form. Being unable to use Javascript in the project is a kind of a big deal.

Is there anyone who could help me find out what the heck the problem is?

Thanks in advance, Rune

Answer 1

Thanks to @Eleftheria Stein-Kousathana who solved the issue.

@EnableWebSecurity was needed, not @EnableWebMvc.

Since you are getting a not found response, this is unrelated to Spring Security. Did you >mean to annotate your ApplicationSecurityConfiguration class with @EnableWebSecurity >instead of @EnableWebMvc? The @EnableWebMvc annotation will prevent the default behaviour >for serving static resources. Take a look at this question for more details stackoverflow.com/questions/24661289/ – Eleftheria Stein-Kousathana