Menu
The resource is under src/main/resources/static/css or src/main/resources/static/js, I'm using spring boot, and the class of security is:
@Configuration @EnableWebMvcSecurity @EnableGlobalAuthentication public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // http.authorizeRequests().antMatchers("/", "/index", "/quizStart") // .permitAll().anyRequest().authenticated(); // http.formLogin().loginPage("/login").permitAll().and().logout() // .permitAll(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("test").password("test") .roles("USER"); } } It works well (resources can be loaded) when I access "/index" from browser, however, if I uncomment the four lines in the class, resources can not be loaded, the four lines means:
http.authorizeRequests().antMatchers("/", "/index", "/quizStart") .permitAll().anyRequest().authenticated(); http.formLogin().loginPage("/login").permitAll().and().logout() .permitAll(); Could anyone help with this ? Thanks in advance.
568
You probably want to make sure to have your directory containing those items set as permitAll.
Here's an excerpt from my spring security context file. Under the resources directory, I have js, css, and images folders which are given permissions by this line.
<security:intercept-url pattern="/resources/**" access="permitAll" /> For some reason, this did not work for me:
http.authorizeRequests().antMatchers("/resources/**").permitAll(); I had to add this:
http.authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll(); Also, this line has to be after the code which restrics access.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
