Getting a 403 for static resources in spring boot without using spring security
Question
I have a spring boot application that is not using spring security at all, and when some requests come through for static resources, the server returns a 403.
The spring boot application is running in a tomcat 9 server (not embedded). A lot of the requests triggering the 403 come from mobile devices. I have read a lot of articles about this issue but they all refer to the spring security implementation which I am not using.
Has anyone experienced this? Any help/suggestions would be greatly appreciated.
Here's my pom file:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.valspar</groupId>
<artifactId>rest.valspar.com</artifactId>
<version>2.0</version>
<packaging>war</packaging>
<name>Valspar Web-Services</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.5.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<version.jdk>1.8</version.jdk>
<ms.sql.version>1.0</ms.sql.version>
<maven-git-code-format.version>1.31</maven-git-code-format.version>
</properties>
<dependencies>
<!-- SpringBoot Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<artifactId>logback-classic</artifactId>
<groupId>ch.qos.logback</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-oracle</artifactId>
<version>1.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-discovery/commons-discovery -->
<dependency>
<groupId>commons-discovery</groupId>
<artifactId>commons-discovery</artifactId>
<version>0.5</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.microsoft.sqlserver/mssql-jdbc -->
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>6.4.0.jre8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/wsdl4j/wsdl4j -->
<dependency>
<groupId>wsdl4j</groupId>
<artifactId>wsdl4j</artifactId>
<version>1.6.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.axis/axis -->
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-log4j -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j</artifactId>
<version>1.3.8.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.microsoft.sqlserver/sqljdbc41 -->
<dependency>
<groupId>com.microsoft</groupId>
<artifactId>sqljdbc4</artifactId>
<version>${ms.sql.version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.oracle/classes12 <dependency>
<groupId>oracle</groupId> <artifactId>ojdbc5</artifactId> <version>11.2.0.3</version>
</dependency> -->
<!-- Oracle JDBC driver -->
<dependency>
<groupId>com.oracle.database.jdbc</groupId>
<artifactId>ojdbc8</artifactId>
<version>12.2.0.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.xml/jaxrpc -->
<dependency>
<groupId>javax.xml</groupId>
<artifactId>jaxrpc</artifactId>
<version>1.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.xml/serializer -->
<dependency>
<groupId>serializer</groupId>
<artifactId>serializer</artifactId>
<version>2.7.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.hibernate/hibernate-core -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/com.force.api/force-partner-api -->
<dependency>
<groupId>com.force.api</groupId>
<artifactId>force-partner-api</artifactId>
<version>44.0.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.smartystreets.api/smartystreets-java-sdk -->
<dependency>
<groupId>com.smartystreets.api</groupId>
<artifactId>smartystreets-java-sdk</artifactId>
<version>3.3.8</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.mindscapehq</groupId>
<artifactId>raygun4java</artifactId>
<type>pom</type>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>com.mindscapehq</groupId>
<artifactId>core</artifactId>
<version>1.3.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.ws.security/wss4j -->
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.5.6</version>
<exclusions>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/org.pojava/datetime -->
<dependency>
<groupId>org.pojava</groupId>
<artifactId>datetime</artifactId>
<version>3.0.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/struts/struts -->
<dependency>
<groupId>struts</groupId>
<artifactId>struts</artifactId>
<version>1.2.9</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<finalName>wservices</finalName>
<sourceDirectory>src/main/java</sourceDirectory>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<filters>
<filter>${basedir}/ci/profiles/build-${build.profile.id}.properties</filter>
</filters>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${version.jdk}</source>
<target>${version.jdk}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>com.cosium.code</groupId>
<artifactId>maven-git-code-format</artifactId>
<version>${maven-git-code-format.version}</version>
<executions>
<!-- On commit, format the modified java files -->
<!-- Un-comment the following execution block for the first build of
the project. Revert to HEAD revision after project is built successfully
for the first time. -->
<!-- <execution> <id>install-formatter-hook</id> <goals> <goal>install-hooks</goal>
</goals> </execution> -->
<!-- On Maven verify phase, fail if any file (including unmodified)
is badly formatted -->
<execution>
<id>validate-code-format</id>
<goals>
<goal>validate-code-format</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
I ran the application as standalone (without external Tomcat) and the problem does not seem to occur. This is pointing more to an interaction between the two or tomcat 9 configuration issue.
1 answers
solution1
0 2020-10-09 14:20:28
The problem was a tomcat 9 mis-configuration with a security realm and had nothing to do with Spring. The security real was not connecting to the user database so it was blocking anything static.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Static web resources in Spring Boot + Spring Security + Thymeleaf
Error 403 on Spring Boot web API without Spring Security
Spring Boot Static Resources
Error 403 on image when using Spring Boot + Spring Security
spring boot security block static resources after https
403 Forbidden - Spring security with spring boot
Spring Security 404 Static Resources
Spring Boot not loading static resources
Spring BOOT static resources mapping
Spring Boot static resources are not available
Related Tags