Spring Security 3 does not support the use of static resources

I am facing difficulty in configuring static resources (such as js, css, images) in spring security 3. Here is my configuration file:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
              http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
              http://www.springframework.org/schema/security 
              http://www.springframework.org/schema/security/spring-security-3.1.xsd">



    <bean id="authenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <property name="loginFormUrl" value="/login.htm" />
    </bean>

    <security:http security="none" pattern="/js/ajaxScript.js"/>   
    <security:http security="none" pattern="/js/commonScript.js"/>  

    <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

    <security:http auto-config="false" entry-point-ref="authenticationEntryPoint" disable-url-rewriting="true" use-expressions="true">

        <security:custom-filter position="FORM_LOGIN_FILTER"
            ref="customAuthenticationProcessingFilter" />

<!--        <security:intercept-url pattern="/js/jquery.min.js" access="isAuthenticated()" /> -->
<!--        <security:intercept-url pattern="/js/**/**" access="permitAll" />  -->
        <security:intercept-url pattern="/displayAdminPage.htm" access="hasRole('ROLE_ADMIN')" />
        <security:access-denied-handler ref="accessDeniedHandler" />

    </security:http>

    <security:authentication-manager alias="authenticationManager">
       <security:authentication-provider user-service-ref="customUserDetailService">
       </security:authentication-provider>
    </security:authentication-manager> 

    <bean id="customUserDetailService" class="com.qait.cdl.services.impl.UserSecurityServiceImpl">
        <property name="userDao" ref="userDao"/>
       </bean>

    <bean id="customAuthenticationProcessingFilter"
        class="com.qait.cdl.services.impl.CustomAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <bean id="accessDeniedHandler"
        class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/WEB-INF/jsp/customLoginForm/denied.jsp" />
    </bean>
</beans> 

I'm unsure where the issue lies. I need all js, images, and css files to be exempt from spring security. The JS files are located in the webapp/js and webapp/js/commonScript folders, while the images are in the webapp/images folder.

Below is my web.xml configuration:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>cdl</display-name>
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>startUpServlet</servlet-name>
        <servlet-class>com.qait.cdl.commons.startup.StartUpServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>startUpServlet</servlet-name>
        <url-pattern>/startUpServlet.htm</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>

    <context-param>
        <param-name>CDL_ENV</param-name>
        <param-value>staging</param-value>
    </context-param>

    <listener>
        <listener-class>com.qait.cdl.commons.startup.CdlContextListner</listener-class>
    </listener>

    <!-- Session timeout -->
    <session-config>
        <session-timeout>600</session-timeout>
    </session-config>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
     <param-name>contextConfigLocation</param-name>
     <param-value>
     WEB-INF/applicationContext.xml
<!--      WEB-INF/SpringSecurityConfig.xml -->
     WEB-INF/dispatcher-servlet.xml
     </param-value>
    </context-param>

</web-app>

Answer №1

Latest information:

After reviewing the recent changes, it appears that the issue lies in the static resource mapping. To resolve this, it is necessary to include a static resource mapping in the spring configuration file since all requests are directed to the dispatcher servlet.

Below is the code snippet that needs to be added to the dispatcher-servlet.xml file:

<mvc:resources mapping="/js/**" location="/js/" />

Answer №2

In my case, the resolution was to incorporate the following:

In the applicationContext.xml file (specifically in the dispatcher-servlet section), include the following tag:

<mvc:resources mapping="/js/**" location="/js/" />

Additionally, if Spring Security is implemented in the project, add the following tag to the spring-security.xml file:

<http pattern="/js/**" security="none" />

This approach was taken while utilizing Spring and Spring Security 3.1

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Is there an easy method to compare the CSS styles of a specific section in HTML?

Currently, I am facing an issue where the size of a specific area on my asp.net page changes after a post-back. It seems that the style applied to this area is being altered for some reason. This situation has raised the question in my mind - is there a m ...

Using JavaScript, retrieve the current time from the client's device with a timer counter

I'm having trouble with my website. I created a countdown timer using PHP code and JS. The issue arises when I try to calculate the real end time based on "end time from DB - server current time + client time" and then echo it. Instead of getting the ...

Updating borderWidth dynamically in react native fails to produce the desired effect

Here is the code I am working with: const [focused, setFocused] = useState(false); <TextInput style={{ ...styles.inputStyles, borderColor: `${focused ? colors.darkPurple : "#b8b8b850"}`, borderWidth: `${focused ? 3 : 1}`, }} placeh ...

Selenium can be used to locate elements between two specific spans

I'm on a mission to locate specific text within this HTML code using Selenium <span class="value"> Receiver 1 <br> </span> Is there a way to make it more straightforward, like perhaps using span[class=value]? ...

Only apply prevent default on specific levels for better control

I am currently working on a menu with submenus. I am facing an issue where when I click on a top-level menu item, I need to use prevent default because they are anchor tags. However, for the submenu items, I do not want to prevent default behavior. I am st ...

Resolving DataTables Error

Here is my JavaScript code snippet. <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.12/css/jquery.dataTables.min.css"> <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/buttons/1.2.1/css/but ...

What is the procedure for closing a snackbar when the close button is clicked?

I am having trouble closing a snackbar when the close button is clicked. The snackbar should initially pop up on page load and only close when manually triggered. I have set the timeout to zero, but the snackbar does not close when the close button is clic ...

How can I adjust the size and width of the autofocus cursor inside an input box using Angular?

How can I modify the height and width of the cursor in an input field with auto focus? app.component.html <input class="subdisplay" [ngModel]="input | number" type="text" (keyup)="getValue(box.value)" name ...

Retrieving localStorage data from another webpage

I recently created an account and I hope my question is clear. I have two separate pages on my website - one for a menu and the other for an HTML game. The menu has two buttons, one to start a new game and the other to continue from where you left off. How ...

"Can you provide guidance on binding data in vue.js when there is a dash (-) in the key of the JSON

My JSON data is structured as follows: { "color-1": "#8888", "color-2": "#000" } I am attempting to bind this variable with a style tag for a Vue component. However, my current approach seems to not be functioning as expected. <div v-bind:sty ...

transmit a binary image to a modal using Angular

I am facing an issue with my code where I am unable to pass a binary image to a modal. The image displays correctly as a jpeg in the view, and I need it to display the same way in the modal as well. View <h4 style="color: #3953a5; font-size:22px;"&g ...

Making modifications to the database will trigger real-time updates in the web interface. How is it possible to achieve this seamlessly?

Can someone please help me understand how to automatically insert news or new events from a Facebook page as an event in a webpage? I am a programmer and currently, the data is retrieved from the database using AJAX without reloading the page. However, I ...

Issues with positioning images using media queries

Can anyone help me center an img when the viewport width is 320px? I've attempted different approaches but so far, nothing has been successful. .logo { width: 55px; height: 55px; margin: 10px 0 10px 30px; float: left; } @media only screen a ...

Rows per page options fail to display in the DataTable component

I need to display a dropdown selector for rows per page in the DataTable component from PrimeVUE. This is the sample HTML code I currently have for the DataTable: <DataTable :value="comunicaciones" :paginator="true" :rows="numFilas" :rowsPerPageOption ...

Display additional information upon hovering without disrupting the neighboring elements

When I hover over a component, I want to display more details and scale it up. However, this action ends up displacing the surrounding components. Take a look at the screenshot for reference: https://i.sstatic.net/ElXvk.jpg Below is the code snippet wher ...

Can JSON be parsed using JavaScript?

Is it feasible to utilize JavaScript to parse information from an external URL hosting a JSON file on a different domain? The JSON data sample below shows various URLs with associated "q" values that I am interested in extracting. [{"url":"http://websit ...

The challenge of aligning widgets in bootstrap panels across different browsers

Incorporating angularjs and bootstrap3, I'm in search of the best way to center widgets within a panel and achieve responsive behavior. Interestingly, the results vary across browsers, particularly in Firefox. Within my code, I have 4 column divs str ...

Preventing special characters in an input field using Angular

I am trying to ensure that an input field is not left blank and does not include any special characters. My current validation method looks like this: if (value === '' || !value.trim()) { this.invalidNameFeedback = 'This field cannot ...

Issues with jQuery Progress Bar Functionality

As a beginner in jQuery, I am currently working on creating an interactive progress bar using jQuery. My goal is to provide a set of checkboxes on a webpage so that when a visitor checks or unchecks a checkbox, the value displayed on the progress bar will ...

Executing a cloud function in Firebase from an Angular-Ionic application by making an HTTP request

I am a newcomer to GCP and app development, so please bear with me if this question seems mundane. Currently, I have an angular-ionic app that is connected to Firebase allowing me to interact with the Firestore database. Now, my challenge is to invoke a ht ...