0

TL;DR

The problem is, if I do something like http://localhost:8080/registerUser and then I go to http://localhost:8080/login and then I log in, it redirects to http://localhost:8080/style.css, but I have put that the .defaultSuccessUrl("home.html") and it works if I go to login on the first call. Seems like Spring tries to load the css and it does not have permision or something and then when I log in it tries to, and then the css works....

I have a problem with load css on my Spring project, I have it on : 

resources/static/styles.css

and if I don't add this line of code : 

@Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**").anyRequest();
    }

the anyRequest() did the trick, but now I can call the login page as I was doing before

http://localhost:8080/login

This login is the defualt form from Spring, if I remove the .anyRequest() it shows the login but doesn't load the css.

My full class is as follows : 

public class BaseSecurityConfig extends WebSecurityConfigurerAdapter {

    //Configure Spring security's filter chain
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**").anyRequest();
    }

    //Configure how requests are secured by interceptors
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                // order matters. First the most specific, last anyRequest()
                .antMatchers("/static/**").permitAll()
                .antMatchers("/h2-console/**").permitAll()
                .mvcMatchers("/registerUser").permitAll()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin() //a login form is showed when no authenticated request
                .defaultSuccessUrl("/home.html")
                .and()
                .httpBasic()
                .and()
                .rememberMe()
                .tokenValiditySeconds(2419200)
                .key("auctions")
                .and()
                .logout()
                .logoutSuccessUrl("/bye.html");
        http
                .csrf().disable()
                .headers()
                .frameOptions().disable();
    }
}

What I'm missing?

EDIT

On my .html I do this :

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org" xmlns:form="http://www.w3.org/1999/html">
<head>
    <meta charset="UTF-8" />
    <link rel="stylesheet" type="text/css" th:href="@{../style.css}"/>
    <title>pewLas</title>
</head>
<body>
StuartDTO
  • 783
  • 7
  • 26
  • 72
  • How do you load your css ? What url ? – vbuhlev Nov 07 '17 at 20:00
  • If you are using spring boot please take a look to this [post](https://stackoverflow.com/questions/24916894/serving-static-web-resources-in-spring-boot-spring-security-application) . – atrunov Nov 07 '17 at 20:02
  • @atrunov I saw this post, but where do I create the css folder? which root? – StuartDTO Nov 07 '17 at 20:04
  • Check what this evaluates to. I guess that something like web.ignoring().antMatchers("/**/*.css") will do the trick. – vbuhlev Nov 07 '17 at 20:08
  • What do you mean with `Check what this evaluates to` ? – StuartDTO Nov 07 '17 at 20:48
  • I saw your edit. When you open the login page from the browser what is the href attribute of the stylesheet ? Your ant matcher is wrong, but I don't know the directory structure to help you. – vbuhlev Nov 07 '17 at 21:31
  • What is the url for accessing the css file with anyRequest() enabled ? E.g. http://localhost:8080/css/style.css, or something else ? – vbuhlev Nov 09 '17 at 11:03
  • localhost:8080/style.css – StuartDTO Nov 09 '17 at 12:01

1 Answers1

0

Regarding yours question

I saw this post, but where do I create the css folder? which root?

Please try "/resources/static/css/styles.css"

atrunov
  • 1
  • 1