There are a couple of things to be aware of:
- The Ant matchers match against the request path and not the path of the resource on the filesystem.
- Resources placed in
src/main/resources/public
will be served from the root of your application.
For examplesrc/main/resources/public/hello.jpg
would be served fromhttp://localhost:8080/hello.jpg
This is why your current matcher configuration hasn’t permitted access to the static resources. For /resources/**
to work, you would have to place the resources in src/main/resources/public/resources
and access them at http://localhost:8080/resources/your-resource
.
As you’re using Spring Boot, you may want to consider using its defaults rather than adding extra configuration. Spring Boot will, by default, permit access to /css/**
, /js/**
, /images/**
, and /**/favicon.ico
. You could, for example, have a file named src/main/resources/public/images/hello.jpg
and, without adding any extra configuration, it would be accessible at http://localhost:8080/images/hello.jpg
without having to log in. You can see this in action in the web method security smoke test where access is permitted to the Bootstrap CSS file without any special configuration.