I have implemented spring security in my jsf application. Everything is working fine except static resources require authentication. This is my configuration
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/register", "/resources/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and().exceptionHandling().accessDeniedPage("/Access_Denied");
}
After doing some google search, most solutions was to add mvc resource tag.
<mvc:resources mapping="/resources/**" location="/resources/"
cache-period="31556926"/>
I found Similar annotation and added a configuration class for this
@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {
// equivalents for <mvc:resources/> tags
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/").setCachePeriod(31556926);
}
// equivalent for <mvc:default-servlet-handler/> tag
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
But still static resources require authentication. Some help would be nice about how to make this work.
Note: my resources are placed in /src/main/webapp/resources/{css|js|image}
. And the problem is if user is not logged in, effect of css, js does not show in the login page. After a user is logged in once, then come to login page after login, css effect appears.