I'm trying to make Spring Security permit access to static resources to all users, but for now nothing works. When I used jsp in previous project, the solution was simple:
http
.authorizeRequests()
.antMatchers("/static/**").permitAll()
.anyRequest().authenticated()
Static folder was placed inside webapp folder which was the root folder and was easily detected by Spring Security. Now, because of Thymeleaf, there is no webapp folder and all the static folders are placed into src/main/resources. I have no idea, how to create antMatcher for something that is inside resources folder... I tried that:
http
.authorizeRequests()
.antMatchers("resources:/static/**").permitAll()
.anyRequest().authenticated()
It never worked. What is the solution? ps. I have seen a statement that Spring Boot + Spring Security allows this intra-resources access by default, but it does not.