0
votes

I'm trying Spring Boot 1.4 and Thymeleaf 2. I want to secure my application. This is my security configuration:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/resources/static/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
}

This is my MVC controller:

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/index").setViewName("index");
        registry.addViewController("/").setViewName("index");
        registry.addViewController("/login").setViewName("login");
    }    
}

However, when I try to access localhost:8080, it shows the index page without CSS or JS! When I manually log in via localhost:8080/login.html, everything works OK. I follow the convention of the Spring - Thymeleaf integration: static resources are under /resources/static and templates under /resource/templates.

What am I missing?

EDIT:

It works this way:

    http
        .authorizeRequests()
            .antMatchers("/css/**").permitAll()
            .antMatchers("/js/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();

However, should I add all the folders under static resources in this way? It seems I am missing something.

1
It's strange, but it works without further configuration when you put your css and js files in src/main/resources/static/resources - baao

1 Answer

1
votes

You should add CSS and JavaScript files to src/main/webapp.

Now given your structure is as follows:

webapp
|__css/myStyles.css
|__js/myjs.js
|__images/myImage.gif
|__WEB-INF

Add this to your security configuration:

@Override
public void configure(WebSecurity security) {
    security.ignoring().antMatchers("/css/**", "/fonts/**", "/libs/**", "/js/**", "/images/**");
}
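
Added example, not part of the original question or answer: a simplified model of how the `authorizeRequests()` rules from the question are evaluated, showing that each pattern is matched against the request URL rather than the file's location in the project, so `/css/site.css` falls through to `authenticated` under the original rules. It assumes spring-core on the classpath and Spring Boot's default mapping of `src/main/resources/static/` to the web root; the class name `MatcherCheck` and the sample request paths are constructed.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

// Added illustration, not code from the post. Simplified model of
// authorizeRequests(): rules are tried in declaration order and the first
// pattern that matches the request path decides the outcome.
public class MatcherCheck {
    private static final AntPathMatcher ANT = new AntPathMatcher();

    // Returns the access rule that applies to a request path.
    static String decide(Map<String, String> rules, String requestPath) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (ANT.match(rule.getKey(), requestPath)) {
                return rule.getValue();
            }
        }
        return "authenticated"; // the trailing anyRequest().authenticated()
    }

    public static void main(String[] args) {
        // Rules from the question's first configuration.
        Map<String, String> original = new LinkedHashMap<>();
        original.put("/", "permitAll");
        original.put("/resources/static/**", "permitAll");

        // Rules from the question's EDIT.
        Map<String, String> edited = new LinkedHashMap<>();
        edited.put("/css/**", "permitAll");
        edited.put("/js/**", "permitAll");

        // Constructed sample request paths. Assumption: a file stored at
        // src/main/resources/static/css/site.css is requested as /css/site.css.
        List<String> paths = Arrays.asList("/", "/css/site.css", "/js/app.js",
                "/images/logo.png", "/resources/static/css/site.css", "/account");

        System.out.printf("%-34s %-15s %s%n", "request path", "original", "EDIT");
        for (String p : paths) {
            System.out.printf("%-34s %-15s %s%n",
                    p, decide(original, p), decide(edited, p));
        }
    }
}
```

Paths listed under `web.ignoring()` skip the Spring Security filter chain entirely, so responses for them do not receive the security headers the chain would add, whereas `permitAll()` keeps the filters in place. Keep either list limited to directories that contain only public assets.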