
How to fix access to resources using spring security?

I just copied a login/register form with Spring Security from the web and I have huge problems. I want to make all resources PUBLIC for all, because after 5 hours I totally don't know what is f****** going on with this Spring Security.

OK, here is my configure method 1:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
...
...
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // URLs matching for access rights
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .antMatchers("/register").permitAll()
            .antMatchers("/DBDesign").permitAll()
            .antMatchers("/index").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .antMatchers("/user/**").hasAuthority("USER")
            .anyRequest().authenticated()
            .and()
            // form login
            .csrf().disable().formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            .successHandler(sucessHandler)
            .usernameParameter("email")
            .passwordParameter("password")
            .and()
            // logout
            .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/").and()
            .exceptionHandling()
            .accessDeniedPage("/access-denied");
}

Configuration method 2:

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**", "/static/**", "/common/**", "/js/**", "/images/**");
    }
}

Configuration method 3:

@Configuration
public class WebMvcConfig implements WebMvcConfigurer{
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry
                .addResourceHandler("/webjars/**", "/static/**", "/templates/**")
                .addResourceLocations("/webjars/", "classpath:/static/", "classpath:/templates/");
    }
}

I am 100% sure that one of these methods is responsible for managing which directories are available before logging in and which are not. Guys, please can someone explain how exactly this works? Look, this is my temporary file structure:


green --- I have access

red --- I don't have access

I can copy and paste the path to "green" files and see what is inside, but if I try to do the same thing for red files... error 404. How is this possible? Only those 2 don't have permission.

The resource handler /static/** points to classpath:/static/

So the security filter should ignore requests to /sidebar/**, ....

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/sidebar/**", "/diagramER/**", .....);
    }

Then you can use in your pages something like

<html lang="en">
<head>
    ....
    <script src="/sidebar/js/main.js" ></script>
    <script src="/diagramER/DBDesign.js" ></script>
    <link rel="stylesheet" type="text/css" href="/sidebar/common/style.css">
</head>
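To see which rule a given URL actually hits, the sketch below replays the question's patterns with Spring's `AntPathMatcher`. It is an added example, not code from the question or the answer: the class name `MatcherCheck`, the `decide` helper and the `/js/app.js` control path are hypothetical, and it assumes plain path matching is a close enough stand-in for `antMatchers` (no context path, no HTTP method).

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Added example: replays the question's matcher rules against sample request paths.
public class MatcherCheck {
    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Patterns from the question's configure(WebSecurity): skipped by the filter chain.
    static final List<String> IGNORED = List.of(
            "/resources/**", "/static/**", "/common/**", "/js/**", "/images/**");

    // Rules from the question's configure(HttpSecurity), in declaration order.
    static final Map<String, String> RULES = new LinkedHashMap<>();
    static {
        for (String p : List.of("/", "/login", "/register", "/DBDesign", "/index")) {
            RULES.put(p, "permitAll");
        }
        RULES.put("/admin/**", "hasAuthority(ADMIN)");
        RULES.put("/user/**", "hasAuthority(USER)");
        RULES.put("/**", "authenticated"); // stands in for anyRequest()
    }

    // Decision for a request path: ignored patterns first, then the first matching rule.
    static String decide(String path) {
        for (String pattern : IGNORED) {
            if (MATCHER.match(pattern, path)) {
                return "ignored by " + pattern;
            }
        }
        for (Map.Entry<String, String> rule : RULES.entrySet()) {
            if (MATCHER.match(rule.getKey(), path)) {
                return rule.getValue() + " via " + rule.getKey();
            }
        }
        return "no rule"; // not reached for paths that start with "/"
    }

    public static void main(String[] args) {
        // Constructed sample paths: the three URLs from the answer's HTML plus one control.
        for (String path : List.of("/sidebar/js/main.js", "/diagramER/DBDesign.js",
                "/sidebar/common/style.css", "/js/app.js")) {
            System.out.println(path + " -> " + decide(path));
        }
    }
}
```

With the question's patterns, `/js/**` and `/common/**` only match paths that begin with those segments, so the three `/sidebar/...` and `/diagramER/...` URLs fall through to the authenticated rule until the answer's patterns are added. Paths matched by `web.ignoring()` skip the Spring Security filter chain entirely, including its response headers, whereas a `permitAll()` rule keeps them inside the chain.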
