1

I am working on a Struts 2 + Tiles + Spring Security 3 application and I am not able to load any css, image and scripts. They resources are all deloyed into to 'publish' folder. The application works fine, excepts it does not load any of these.

Here's my Spring Security mapping. The resources are under /static/images and /static/css etc, and the jsp pages are within /WEB-INF/pages/.. WEB-INF and static are on same hierarchy.

<property name="securityMetadataSource">
        <security:filter-security-metadata-source>

            <security:intercept-url pattern="/admin/**"
                access="ROLE_ADMIN" />
            <security:intercept-url pattern="**/"
                access="ROLE_ANONYMOUS,ROLE_ADMIN" />                   

        </security:filter-security-metadata-source>
    </property>

There isn't any reference to these folders in either struts.xml or tiles.xml because they're not rendered via action calls.

Web.xml looks like this:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/classes/app-context.xml
    /WEB-INF/classes/security-context.xml
    </param-value>
</context-param>
<context-param>
    <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
    <param-value>/WEB-INF/classes/tiles/tiles.xml</param-value>
</context-param>

<!-- =======================================================  -->
<!-- FILTER.                                                  -->
<!-- =======================================================  -->
<!--Spring Security filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>


<filter>
    <description>struts2</description>
    <display-name>struts2</display-name>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>

<filter>
    <description>action2-cleanup</description>
    <display-name>action2-cleanup</display-name>
    <filter-name>action2-cleanup</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>

 <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>action2-cleanup</filter-name>
    <url-pattern>/action2-cleanup</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>action2-cleanup</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- =======================================================  -->
<!-- Listeners                                                -->
<!-- =======================================================  -->
<listener>              
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- <listener>             
    <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>

</listener> -->

<servlet>
<servlet-name>tiles</servlet-name>
<servlet-class>org.apache.tiles.web.startup.TilesServlet</servlet-class>

<load-on-startup>2</load-on-startup>

I am trying to load images via any one of these just to see if they load:

<img src="<s:url value='./static/images/btn_add.gif' />"  />
<img src="<s:url value='/static/images/btn_add.gif' />"  />
<img src="../static/images/btn_add.gif"  />
<img src="../../static/images/btn_add.gif" />       

<s:submit action="item_add" type="image"                src="./static/images/btn_add.gif" />

None of these work. I tried various other urls from by debugging with firebug, still nothing.

Can someone explain to me what I am missing? I used spring 3.0.5.Release version and then tried to using 3.0.3.Release version. Neither worked.

No errors. It just does not display. Yes, I did clear the browser cache and even tried on a different browser.

After your feedback:: EDIT 1

Hmm.. that stll didn't do it.

I see these at output:

2012-09-12 11:39:59,268 DEBUG [DefaultFilterInvocationSecurityMetadataSource.java:173] : Converted URL to lowercase, from: '/static/images/btn_add.gif'; to: '/static/images/btn_add.gif'

2012-09-12 11:39:59,270 DEBUG [DefaultFilterInvocationSecurityMetadataSource.java:200] : Candidate is: '/static/images/btn_add.gif'; pattern is /static/**; matched=true 2012-09-12 11:39:59,271 DEBUG [AbstractSecurityInterceptor.java:191] : Secure object: FilterInvocation: URL: /static/images/btn_add.gif; Attributes: [ROLE_ANONYMOUS, ROLE_ADMIN] 2012-09-12 11:39:59,271 DEBUG [AbstractSecurityInterceptor.java:292] : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@52a05099: Principal: anonymous; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 978365092A5784AEBC711B8F588029A3; Granted Authorities: ROLE_ANONYMOUS 2012-09-12 11:39:59,272 DEBUG [AffirmativeBased.java:53] : Voter: org.springframework.security.access.vote.RoleVoter@8efd67, returned: 1 2012-09-12 11:39:59,272 DEBUG [AbstractSecurityInterceptor.java:213] : Authorization successful

What is http namespace? <security:http pattern="/static/**" security="none" />

Here is my security xml namespaces:

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

security does not allow "http" attribute.

Mukus
  • 4,870
  • 2
  • 43
  • 56

1 Answers1

2

Since you are using spring security, you should ensure that security is disabled for static assets

<security:http pattern="/static/**" security="none" />

Then you should be able to render correctly static resource using

<img src="<s:url value='/static/images/btn_add.gif' />"  />

Remarks on your first edit:

http is not a namespace, security is. Web security services are configured using the <http> element (<security:http>). security is the namespace for configuring spring-security inside spring xml configuration files, refering to http://www.springframework.org/schema/security and a specific xsd http://www.springframework.org/schema/security/spring-security-3.1.xsd (for Spring 3.1).

As we can see in your logs, the filter has been correctly taken into account, and your image has been correctly matched by the pattern /static/** and access has been granted, so it should be rendered.

You may want to try the filters="none" attribute on the http-intercept element for spring 3.0.x because as I am reading the docs I'm not sure that ` is valid for Spring 3.0.x, but only for 3.1+.

Try with (see this page for details):

<http ...>
    <intercept-url pattern="/static/**" filters="none" />
</http>

If this does not work, can you check with your browser (for example with Chrome) using Web development tools what is the error for loading the given image ? 404 Not found? 403 Unauthorized? Something else?

Alex
  • 25,147
  • 6
  • 59
  • 55
  • If this works, I will have to pay you $$ for saving my life! :) – Mukus Sep 12 '12 at 05:30
  • thanks for your prompt reply. I am looking at that same doc. I get 404 errors. I am thinking it is more to do with tiles or struts config at this stage because authentication is working. Or perhaps it is something in the application deployment descriptor. – Mukus Sep 12 '12 at 06:54
  • Alex.. I think this may be an IDE issue. I am using STS 2.9. I had expeirence working on RAD 6 where I had to manually delete the publish folder. I will look into this. – Mukus Sep 12 '12 at 07:11
  • I've solved the issue. But not the way I wanted to and I don't know if this is such a good idea. I moved the entire static folder to within src/main/resources folder. This folder is in the classpath. I display images in a number of ways.. The best way I feel is "./static/images/btn_add.gif" and what you've menttioned above and the worst is "../static/images/btn_add.gif". I wish I could vote up, but I lost my old user/pass and am using facebook login. I don't have enough credits. But I am going to accept your answer since it works! – Mukus Sep 12 '12 at 07:29
  • With spring mvc you could have used the ` ` element in your spring config to add a sort of alias URL for the `resources` directory of your project, but I don't know the equivalent using Struts. The best would be to reference static contents from `/` and not from its real location using `../` because you would end up modifying path if you were to move jsp or struts action URLs. – Alex Sep 12 '12 at 07:50