I have a spring boot application that is not using spring security at all, and when some requests come through for static resources, the server returns a 403.
The spring boot application is running in a tomcat 9 server (not embedded). A lot of the requests triggering the 403 come from mobile devices. I have read a lot of articles about this issue but they all refer to the spring security implementation which I am not using.
Has anyone experienced this? Any help/suggestions would be greatly appreciated.
Here's my pom file:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.valspar</groupId>
<artifactId>rest.valspar.com</artifactId>
<version>2.0</version>
<packaging>war</packaging>
<name>Valspar Web-Services</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.5.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<version.jdk>1.8</version.jdk>
<ms.sql.version>1.0</ms.sql.version>
<maven-git-code-format.version>1.31</maven-git-code-format.version>
</properties>
<dependencies>
<!-- SpringBoot Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<artifactId>logback-classic</artifactId>
<groupId>ch.qos.logback</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-oracle</artifactId>
<version>1.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-discovery/commons-discovery -->
<dependency>
<groupId>commons-discovery</groupId>
<artifactId>commons-discovery</artifactId>
<version>0.5</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.microsoft.sqlserver/mssql-jdbc -->
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>6.4.0.jre8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/wsdl4j/wsdl4j -->
<dependency>
<groupId>wsdl4j</groupId>
<artifactId>wsdl4j</artifactId>
<version>1.6.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.axis/axis -->
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-log4j -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j</artifactId>
<version>1.3.8.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.microsoft.sqlserver/sqljdbc41 -->
<dependency>
<groupId>com.microsoft</groupId>
<artifactId>sqljdbc4</artifactId>
<version>${ms.sql.version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.oracle/classes12 <dependency>
<groupId>oracle</groupId> <artifactId>ojdbc5</artifactId> <version>11.2.0.3</version>
</dependency> -->
<!-- Oracle JDBC driver -->
<dependency>
<groupId>com.oracle.database.jdbc</groupId>
<artifactId>ojdbc8</artifactId>
<version>12.2.0.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.xml/jaxrpc -->
<dependency>
<groupId>javax.xml</groupId>
<artifactId>jaxrpc</artifactId>
<version>1.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.xml/serializer -->
<dependency>
<groupId>serializer</groupId>
<artifactId>serializer</artifactId>
<version>2.7.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.hibernate/hibernate-core -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/com.force.api/force-partner-api -->
<dependency>
<groupId>com.force.api</groupId>
<artifactId>force-partner-api</artifactId>
<version>44.0.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.smartystreets.api/smartystreets-java-sdk -->
<dependency>
<groupId>com.smartystreets.api</groupId>
<artifactId>smartystreets-java-sdk</artifactId>
<version>3.3.8</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.mindscapehq</groupId>
<artifactId>raygun4java</artifactId>
<type>pom</type>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>com.mindscapehq</groupId>
<artifactId>core</artifactId>
<version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.ws.security/wss4j -->
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.5.6</version>
<exclusions>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.pojava/datetime -->
<dependency>
<groupId>org.pojava</groupId>
<artifactId>datetime</artifactId>
<version>3.0.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/struts/struts -->
<dependency>
<groupId>struts</groupId>
<artifactId>struts</artifactId>
<version>1.2.9</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<finalName>wservices</finalName>
<sourceDirectory>src/main/java</sourceDirectory>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<filters>
<filter>${basedir}/ci/profiles/build-${build.profile.id}.properties</filter>
</filters>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${version.jdk}</source>
<target>${version.jdk}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.cosium.code</groupId>
<artifactId>maven-git-code-format</artifactId>
<version>${maven-git-code-format.version}</version>
<executions>
<!-- On commit, format the modified java files -->
<!-- Un-comment the following execution block for the first build of
the project. Revert to HEAD revision after project is built successfully
for the first time. -->
<!-- <execution> <id>install-formatter-hook</id> <goals> <goal>install-hooks</goal>
</goals> </execution> -->
<!-- On Maven verify phase, fail if any file (including unmodified)
is badly formatted -->
<execution>
<id>validate-code-format</id>
<goals>
<goal>validate-code-format</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
I ran the application as standalone (without external Tomcat) and the problem does not seem to occur. This is pointing more to an interaction between the two or tomcat 9 configuration issue.
The problem was a tomcat 9 mis-configuration with a security realm and had nothing to do with Spring. The security real was not connecting to the user database so it was blocking anything static.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.