I'm trying out Spring Boot for the first time and I'm stuck with an error 403 that I can't figure out how to get around
I've created an admin page using thymeleaf:
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>The Link Application</title>
<link rel="stylesheet" href="css/bootstrap.min.css"/>
</head>
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle Navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">
<img src="img/Company-logo-sm-header.png" />
</a>
</div>
</div>
</nav>
...
The CSS loads perfectly and is located at src/main/resources/static/css
, the image that's giving me the error 403 is located at src/main/resources/static/img
This is my Application
class:
@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application {
public static void main(String[] args) throws Exception {
SpringApplication.run(Application.class, args);
}
}
I've got an MVC Config class:
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/login").setViewName("login");
}
}
And a security config which I'm not sure if I'm using it correctly, antMatchers(...).permitAll()
to me seems like it should allow images:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/public/**", "/resources/**","/resources/public/**").permitAll()
.antMatchers("/", "/home", "/link").permitAll()
.antMatchers("/css/**", "/js/**", "/img/**", "**/favicon.ico").anonymous()
.antMatchers("/admin").hasRole("ADMIN")
.anyRequest().authenticated().and()
.formLogin().loginPage("/login").permitAll().and()
.logout().permitAll();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("admin").roles("USER", "ADMIN").and()
.withUser("user").password("user").roles("USER");
}
}
I'm using Spring Boot 1.3.3 I don't have a public directory in /src/main/resources
, all my static content is going into /src/main/resources/static
, css is going into the css subfolder, js is going into the js subfolder and they both work fine when doing <link rel="stylesheet" href="css/bootstrap.min.css"/>
or <script src="js/jquery-2.2.1.min.js"></script>
Any idea why my image in /src/main/resouces/static/img
is giving me an error 403 and the CSS in /src/main/resouces/static/css
and JS in /src/main/resouces/static/js
are not?
I think it's just your security config that needs work.
You don't need this line since that's just where the static assets are being served from. It's not a path that will be accessible.
.antMatchers("/public/**", "/resources/**","/resources/public/**").permitAll()
As for this line, try change .anonymous()
to .permitAll()
and you should be able to access the images.
.antMatchers("/css/**", "/js/**", "/img/**", "**/favicon.ico").anonymous()
I want to add some additions to above Patrick answer , the answer helped me, but there was another my mistake. When I add
.antMatchers("/assets/css/**", "/assets/js/**", "/assets/img/**", "**/favicon.ico").permitAll();
error code with 403
changed to 404
. Because I forgot to add
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/assets/**").addResourceLocations("/assets/");
}
I found this from another source . I hope somebody else will not repeat my mistake.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.