Spring MVC资源映射到/ **

Question

I have the classic situation in a Spring web-app in which the webapp folder contains the resources folder with JS or CSS files for example.

Usually, I've seen that to map the access to these files we have to put this tag

<mvc:resources mapping="/resources/**" location="/resources/" />

in the spring web-app configuration xml. I would like to know if there is some "versus" or risks that make me avoid to map them with the following :

<mvc:resources mapping="/**" location="/resources/" />

such that every resource inside "resources" is mapped starting by "/"

As a consequence of this, for example I would import js files with

<script type="text/javascript" src="/js/myfile.js">

rather than with

  <script type="text/javascript" src="/resources/js/myfile.js">

At this moment, the only consequence I see is that other resources outside the "resources" folder are not being mapped. But I ask me if there is also a security reason.

Answer 1

This will map every path to the resource handler. I'm not sure there are any security risks because every path will still just look in the resources folder. Presumably the resources folder content is not sensitive information. But it's not flexible as you pointed out.

I believe @RequestMapping will take precedence over resource mappings, so you should be okay there.

But I'd advise against this because you can get the exact same behavior by mapping this way that won't cause problems with static content in the future:

<mvc:resources mapping="/js/**" location="/resources/js/" />