/java/

Spring Boot. Static resource outside the security protection.

2015-12-13 23:05:59

If you want to use some style for your login page, for example style provider by bootstrap. You have to mark that static resource as outside the security protection.

I assume that you have something like this:

Configuration for static resource

package btbw.config;

import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

public class Profiles {
    public static final String DEVELOPMENT = "dev";
    public static final String PRODUCTION = "prod";
}

// -Dspring.profiles.active=prod
@Configuration
@Profile(Profiles.PRODUCTION)
class ConfigProduction extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests()
            .antMatchers(
                    "/lib/bootstrap/**",
                    "/css/**",
                    "/img/**",
                    "/js/**").permitAll()
            .anyRequest()
            .authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();
        // @formatter:on
    }
}

// -Dspring.profiles.active=dev
@Configuration
@Profile(Profiles.DEVELOPMENT)
class ConfigDevelopment extends WebSecurityConfigurerAdapter {

    private static final Logger LOGGER = LoggerFactory.getLogger(Profiles.class);

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        LOGGER.info("Run DEVELOPMENT Security Configuration");
    }
}

important line is .antMatchers("/lib/bootstrap/**","/css/**","/img/**","/js/**").permitAll()