8

I'm using this link to configure security and spring-boot as base for other. But static resource handler provided by spring-boot is executed before security settings. So if I send POST request, static content handler respond me that method POST not supported. If I request GET method, static response handler catch it and try to find resourse. So any requests catched by static content handler and not go to security filters.

How can I disable static content filters/handlers provided by spring-boot?

Community
  • 1
  • 1
Lunigorn
  • 1,340
  • 3
  • 19
  • 27

1 Answers1

20

If you are using Spring Boot 2.4.0 or later, you can disable the static resource handling by setting spring.web.resources.add-mappings=false in your application.properties file. In earlier versions of Spring Boot, the property is spring.resources.add-mappings.

With that out of the way, are you sure that it will resolve your problem? Spring Security runs as a filter before the static resource handling and I doubt that disabling the resource handling will help. Perhaps it'll make it easier to identify the underlying problem, though.

Andy Wilkinson
  • 108,729
  • 24
  • 257
  • 242
  • 3
    spring.resources.add-mappings does not completely disable resource handling. It has the effect that no ResourceHandler is added automatically, but you can still add them manually by WebMvcConfigurerAdapter.addResourceHandlers. – Gustave Mar 21 '18 at 14:25
  • 5
    On newer versions of spring, the property name is 'spring.web.resources.add-mappings' – Tonsic Jul 24 '21 at 20:16