I’m adding spring security to the web site My goal is to show all images, home.html, and index.html to all users (without logging in).
I’ve allowed all requests for images and home and index pages, but still anonymous users cannot proceed to the home page without logging in
My security config Java
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin").hasRole("ADMIN")
.antMatchers("/", "home", "index").permitAll()
.antMatchers("/styles.css", "/css/**", "/js/**", "/fonts/**", "/images/**").permitAll()
.anyRequest().hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?login_error=1")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll();
}
My index.html page
<!doctype html>
<html lang="en"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<body>
<a href="login" class="btn btn-outline-danger btn-lg">login page </a>
<a href="home" class="btn btn-outline-danger btn-lg">home page</a>
</body>
</html>
Have you tried refactoring like this: .antMatchers("/", "home", "index").permitAll()
-> .antMatchers("/", "/home", "/index").permitAll()
?
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments