Serving static web resources in Spring Boot & Spring Security application

by

There are a couple of things to be aware of:

  • The Ant matchers match against the request path and not the path of the resource on the filesystem.
  • Resources placed in src/main/resources/public will be served from the root of your application.
    For example src/main/resources/public/hello.jpg would be served from http://localhost:8080/hello.jpg

This is why your current matcher configuration hasn’t permitted access to the static resources. For /resources/** to work, you would have to place the resources in src/main/resources/public/resources and access them at http://localhost:8080/resources/your-resource.

As you’re using Spring Boot, you may want to consider using its defaults rather than adding extra configuration. Spring Boot will, by default, permit access to /css/**, /js/**, /images/**, and /**/favicon.ico. You could, for example, have a file named src/main/resources/public/images/hello.jpg and, without adding any extra configuration, it would be accessible at http://localhost:8080/images/hello.jpg without having to log in. You can see this in action in the web method security smoke test where access is permitted to the Bootstrap CSS file without any special configuration.

More Related Contents:

  1. Filter invoke twice when register as Spring bean
  2. Spring Boot Security CORS
  3. When to use Spring Security`s antMatcher()?
  4. Spring Boot CORS filter – CORS preflight channel did not succeed
  5. CharacterEncodingFilter don’t work together with Spring Security 3.2.0
  6. How to enable HTTP response caching in Spring Boot
  7. Spring 5.0.3 RequestRejectedException: The request was rejected because the URL was not normalized
  8. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  9. ContentCachingResponseWrapper Produces Empty Response
  10. StrictHttpFirewall in spring security 4.2 vs spring MVC @MatrixVariable
  11. Load different application.yml in SpringBoot Test
  12. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  13. Spring Boot exception: Could not open ServletContext resource [/WEB-INF/dispatcherServlet-servlet.xml]
  14. Angular 2 Spring Boot Login CORS Problems
  15. I can’t update my webapp to Spring Boot 2.6.0 (2.5.7 works but 2.6.0 doesn’t)
  16. @ModelAttribute annotation, when to use it?
  17. How do I get the Session Object in Spring?
  18. Spring Security exclude url patterns in security annotation configurartion
  19. Spring Security 3.2 CSRF support for multipart requests
  20. Spring catch all route for index.html
  21. Spring Boot and custom 404 error page
  22. Multipart File upload Spring Boot
  23. How to get the current logged in user object from spring security?
  24. How to create a Spring Interceptor for Spring RESTful web services
  25. How to use LocalDateTime RequestParam in Spring? I get “Failed to convert String to LocalDateTime”
  26. Which is better, return “ModelAndView” or “String” on spring3 controller
  27. My Application Could not open ServletContext resource
  28. How do I disable resolving login parameters passed as url parameters / from the url
  29. Http Post with request content type form not working in Spring MVC 3
  30. Does Spring @RequestBody support the GET method?

Leave a Comment