1

My Spring Boot appliation will basically consist of two main "modules":

  • A "Web" Module that consists of static HTML pages, available to the public (unauthenticated/anonymouse users); and
  • An "App" Module that consists of a number of dynamic pages, each of which require (Spring Security-based) authentication to access

The basic app structure is:

  • index.html: Homepage, mapped from http://localhost:8080/
  • about.html: About page, mapped from http://localhost:8080/about
  • contact.html: Contact page, mapped from http://localhost:8080/contact
  • login.html: Login page, mapped from http://localhost:8080/login
  • dashboard.html: Dashboard/landing page you get to after logging in, mapped from http://localhost:8080/account
  • All other pages under http://localhost:8080/account/* will be MVC/dynamic pages with typical @RequestMapping mappings

What is not clear to me is, for the static ("public web") HTML pages, do I:

  • Just use standard controller-based @RequestMappings that render some Thymeleaf/Handlebars template (which simply has no data model since the content is static)? Or do I:
  • Treat these pages as static content (same as CSS/JS) and serve them as static content as Spring Boot prescribes? If this is the correct option, then how do I achieve the correct URL mappings (so, for example, users can just go to http://localhost:8080/contact instead of http://localhost:8080/contact.html)?
Improve this question
4
  • 1
    what technologie are you using in the authentification ? Commented May 28, 2016 at 13:15
  • Thanks @KamelMili (+1) - Spring Security, probably with a custom authentication/authorization realm. Commented May 28, 2016 at 18:49
  • 1
    Then spring security can handle your problem with web ignore or ant matcher if you like my solution i could post an answer to show how to deal with spring security configuration class else but anyway you'll be forced to make these pages work with thymeleaf because in these static web pages theres an authentification form who is handled by thymeleaf and spring security so if i understood your problem correctly you need to add them to your mvc resolver and add web ignore to these pages so you could access without authentification Commented May 28, 2016 at 23:37
  • Thanks again @KamelMili (+1) - yes if you post an answer showing a concrete code example of how to solve this with spring security, this mvc resolver and web ignore, I would graciously accept it! Thanks again! Commented May 29, 2016 at 1:20

1 Answer 1

Reset to default
2

okey first you need to map your views via mvc resolver like this : 

@Configuration
public class WebMVCconfig extends WebMvcConfigurerAdapter {

@Override
public void addViewControllers(ViewControllerRegistry registry) {
    registry.addViewController("/login").setViewName("login");
    registry.addViewController("/contact").setViewName("contact");

   }
}

after mapping your views we need add the views like /login in the antMatchers so am assuming you configuration method looks like this : 

 @Override
protected void configure(HttpSecurity http) throws Exception {
http

    .csrf().disable()   

    .authorizeRequests()
    .antMatchers("/contact","/about", ...).permitAll() //add your static pages here ( public pages ) 
    .anyRequest()
        .authenticated()        
            .and()
            .formLogin()
            .loginPage("/login")
            .permitAll()
            .successHandler(successHandler) // i don't think you'll be needing this it's to redirect the user if it's admin or a simple user 
            .and()  // this is for the logout   
            .logout()
            .invalidateHttpSession(true)
            .logoutUrl("/logout")
            .permitAll();   
}

after adding your view map in the antMatchers spring security wont handle authentification for those pages and that solves your problem

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks so much @Kamel Mili (+1) - one quick question if you don't mind: registry.addViewController("/login") returns a ViewControllerRegistration instance, whose setViewName(...) method expects a string (such as "login", etc.). What type of file is represented by this view name (an HTML file, a Thymeleaf template, etc.) and where do I place this file in my project? In other words: what file defines the "login" view? Thanks again!
it's a simple html page which begins like this <html xlmns:th="http://www.thymeleaf.org" xml:lang="fr"> and am assuming you did add thymeleaf in your pom.xml ,and you place your pages under the template folder so thymleaf could map to your views
Thanks @Kamel Mili (+1), but where is the "template folder" located in my project, under src/main/resources? Spring needs to know where to find the login view...so where (exactly) is it looking? Thanks again!
It s under src\main\resources\ ps are you sure you added your thymeleaf dependecies in your pom.xml
The template folder suppose to be in your project and not to be added does your project type is spring starter project

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.