spring boot security static resources

Question

I write app in Spring Boot, Spring Security with Thymeleaf and I try to get access my static resource file...

This is my project structure...

    .
    ├── mvnw
    ├── mvnw.cmd
    ├── nb-configuration.xml
    ├── pom.xml
    ├── src
    │   ├── main
    │   │   ├── java
    │   │   │   └── com
    │   │   ├── resources
    │   │   │   ├── application.properties
    │   │   │   ├── static
    |   |   |   |    |---------------------------------this is image.jpg
    │   │   │   ├── templates
    │   │   │   └── ValidationMessages.properties
    │   │   └── wro
    │   │       ├── css
    │   │       ├── fonts
    │   │       ├── js
    │   │       ├── scss
    │   │       ├── wro.properties
    │   │       └── wro.xml
    │   └── test
    │       └── java
    │           └── com

I have HTML file in templates/index.html where i try use tag

     <img src="/praca.jpg" alt="sd"/>

Why I always get 404 error ? Where I do something wrong ??

My general init class:

    @SpringBootApplication
    public class Application extends WebMvcConfigurerAdapter {

        public static void main(String[] args) {
            SpringApplication.run(InzynierkaApplication.class, args);
        }
    }

My security class:

    @Configuration
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserAuthenticationDetails userAuthenticationDetails;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userAuthenticationDetails);
            auth.authenticationProvider(authenticationProvider());
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public DaoAuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
            authenticationProvider.setUserDetailsService(userAuthenticationDetails);
            authenticationProvider.setPasswordEncoder(passwordEncoder());
            return authenticationProvider;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/","/login").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .defaultSuccessUrl("/",true)
                    .and()
                    .logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login?logout")
                    .invalidateHttpSession(true);
        }

    }

Just to confirm, does the entire page return a 404 or just the image asset? — Kyle Anderson, Nov 15 '16 at 22:15
404 return just a image asset. Other content load successfully. — technics, Nov 16 '16 at 17:35

score 1 · Answer 1 · answered Nov 16 '16 at 13:28

1

In your template you need to use the thymeleaf format to add automatically the context by yourself. Use this:

<img th:src="@{/praca.jpg}" alt="sd"/>

/praca.jpg

should be the full path to the image from the static or public folder

answered Nov 16 '16 at 13:28

cralfaro

5,822
3
20
30

score 0 · Answer 2 · answered Mar 04 '17 at 02:28

I had a similar issue and the problem was with spring security, so anyone having this issue can try adding the folders where their static files are to the list of URLs that do not require authentication E.g antMatchers("/css/**", "/fonts/**").permitAll()

score 0 · Answer 3 · answered Aug 04 '18 at 19:17

This is how I do static resources in Spring Boot, in your WebConfig class or the class that extends WebMvcConfigurerAdapter, add this:

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/resources/**")
                .addResourceLocations("/resources/");
    }
}

Then, in resources create an static folder where you put all the static files or folders like resources/css, resources/js, etc

From your view you can access it like this for example:

 <link rel="stylesheet" href="${pageContext.request.contextPath}/css/skin-black.css">

If you are using Spring Security make sure you add the antMatchers

.antMatchers("/resources/**").permitAll()
.antMatchers("/css/**").permitAll()
.antMatchers("/js/**").permitAll()

spring boot security static resources

3 Answers3

Linked