I started Spring Boot + Angular application and for now I want to deploy whole thing as a jar. So I created maven config, where angular app gets built and then is copied to /target/classes/resources
But every request to root (localhost:8080) gets blocked by security. When I disable it i can see the page, which means the whole thing is deployed correctly, but somehow spring does not allow me to see it. Here is my simple security config, I want static resources to be unprotected, while any other request requires authentication:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.anyRequest().authenticated()
.and().httpBasic();
}
}
EDIT: A minimal example of my problem is here: https://gitlab.com/jnowacki/security-issue-demo
EDIT 2: I tries all the things from this post: Serving static web resources in Spring Boot & Spring Security application Do I do something wrong on a conceptual level? Is it wrong to serve static content along with Spring Boot app?
Add this additional override:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(AUTH_WHITELIST);
}
where AUTH_WHITELIST
will contain the paths to be ignored. For instance:
private static final String[] SWAGGER_AUTH_WHITELIST = {
// -- swagger ui
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/swagger-ui.html",
"/resources/**"
};
try below.
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
Use this method to allow static resources to be ignored by spring security
//this method allows static resources to be neglected by spring security
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**");
}
According to StaticResourceLocation
docs :
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
will permit access to CSS, JS, ICO, images and NOT to html .
To permit index.html
you can use following configuration:
http.authorizeRequests()
.antMatchers("/index.html", "/").permitAll()
.anyRequest().authenticated()
.and().httpBasic();
// extends WebSecrityConfiguratesAdapeter
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Overide
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(HttpMethod.OPTIONS, ALL_ESCAPE)
.antMatchers("*.js")
.antMatchers(")
.antMatchers(BOWER_COMPONENTS)
.antMatchers(I18N)
.antMatchers(CONTENT);
}
}
you must match real path, or example:
.pathMatchers("/assets/**", "/static/**")
.permitAll()ere
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.