
Error 403 on image when using Spring Boot + Spring Security

I'm trying out Spring Boot for the first time and I'm stuck with an error 403 that I can't figure out how to get around.

I've created an admin page using thymeleaf:

<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>The Link Application</title>
    <link rel="stylesheet" href="css/bootstrap.min.css"/>
</head>
<body>

<nav class="navbar navbar-default">
    <div class="container-fluid">

        <div class="navbar-header">
            <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
                <span class="sr-only">Toggle Navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="#">
                <img src="img/Company-logo-sm-header.png" />
            </a>
        </div>
    </div>
</nav>

...

The CSS loads perfectly and is located at src/main/resources/static/css; the image that's giving me the error 403 is located at src/main/resources/static/img.

This is my Application class:

@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application {

  public static void main(String[] args) throws Exception {
    SpringApplication.run(Application.class, args);
  }

}

I've got an MVC Config class:

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

  @Override
  public void addViewControllers(ViewControllerRegistry registry) {
    registry.addViewController("/home").setViewName("home");
    registry.addViewController("/").setViewName("home");
    registry.addViewController("/hello").setViewName("hello");
    registry.addViewController("/login").setViewName("login");
  }

}

And a security config, which I'm not sure I'm using correctly; antMatchers(...).permitAll() seems to me like it should allow images:

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http
        .authorizeRequests()
          .antMatchers("/public/**", "/resources/**","/resources/public/**").permitAll()
          .antMatchers("/", "/home", "/link").permitAll()
          .antMatchers("/css/**", "/js/**", "/img/**", "**/favicon.ico").anonymous()
          .antMatchers("/admin").hasRole("ADMIN")
        .anyRequest().authenticated().and()
        .formLogin().loginPage("/login").permitAll().and()
        .logout().permitAll();
  }

  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .inMemoryAuthentication()
        .withUser("admin").password("admin").roles("USER", "ADMIN").and()
        .withUser("user").password("user").roles("USER");
  }

}

I'm using Spring Boot 1.3.3. I don't have a public directory in /src/main/resources; all my static content is going into /src/main/resources/static. CSS is going into the css subfolder, JS is going into the js subfolder, and they both work fine when doing <link rel="stylesheet" href="css/bootstrap.min.css"/> or <script src="js/jquery-2.2.1.min.js"></script>

Any idea why my image in /src/main/resources/static/img is giving me an error 403 and the CSS in /src/main/resources/static/css and JS in /src/main/resources/static/js are not?

I think it's just your security config that needs work.

You don't need this line since that's just where the static assets are being served from. It's not a path that will be accessible.

.antMatchers("/public/**", "/resources/**","/resources/public/**").permitAll()

As for this line, try changing .anonymous() to .permitAll() and you should be able to access the images.

.antMatchers("/css/**", "/js/**", "/img/**", "**/favicon.ico").anonymous()
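
The change suggested in the answer above, written out as an added example (not code from the original question or answer). It assumes the Spring Security 4.x API that ships with Spring Boot 1.3 and reuses the class name, paths, and in-memory users from the question:

```java
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
          // Rules are evaluated in declaration order; the first matching pattern decides.
          //
          // Before: .antMatchers("/css/**", "/js/**", "/img/**", ...).anonymous()
          //   anonymous() admits only callers that are NOT logged in, so an
          //   authenticated user requesting /img/... is denied with 403.
          // After: permitAll() admits anonymous and authenticated callers alike.
          //
          // The favicon pattern is written with a leading slash here because the
          // request paths it is matched against start with one.
          .antMatchers("/css/**", "/js/**", "/img/**", "/**/favicon.ico").permitAll()
          .antMatchers("/", "/home", "/link").permitAll()
          .antMatchers("/admin").hasRole("ADMIN")
          // Everything not listed above still requires a login.
          .anyRequest().authenticated().and()
        .formLogin().loginPage("/login").permitAll().and()
        .logout().permitAll();
  }

  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Same demo users as in the question; not suitable for production use.
    auth
        .inMemoryAuthentication()
        .withUser("admin").password("admin").roles("USER", "ADMIN").and()
        .withUser("user").password("user").roles("USER");
  }
}
```

To confirm the behaviour, request the same image once without a session and once after logging in; with permitAll() both requests succeed, and /admin still returns 403 for a user without the ADMIN role.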

I want to add to Patrick's answer above. The answer helped me, but I had made another mistake. When I added

.antMatchers("/assets/css/**", "/assets/js/**", "/assets/img/**", "**/favicon.ico").permitAll();

the error code changed from 403 to 404, because I forgot to add

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/assets/**").addResourceLocations("/assets/");
}

I found this from another source. I hope somebody else will not repeat my mistake.
