
I am working on Spring Boot security 3.2.1 and implemented JWT Authentication in my project. However, now I am not able to get my HTML pages, which were working earlier. I have added these resource paths in my Spring Security Config class, but it is still returning 403. Before implementing Spring Security, I was able to get my HTML files using the URL http://localhost:8080/expensemanager/html/application.html

Here is my Project Structure

[image: project structure screenshot]

Here is my Security Config class

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final UserDetailsService userDetailsService;
    
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        
        http
        .csrf(AbstractHttpConfigurer::disable)
        .authorizeHttpRequests(request -> { request
            
            // Registration Controller
            .requestMatchers("/registration/validateuserid").permitAll()
            .requestMatchers("/registration/registeruser").permitAll()
            
            // Auth Controller
            .requestMatchers("/auth/createtoken").permitAll()
            .requestMatchers("/auth/refreshtoken").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
            
            // Master Controller
            .requestMatchers("/master/**").permitAll()
            
            // Resource Controller
            .requestMatchers("/login").permitAll()
            .requestMatchers("/registration").permitAll()
            .requestMatchers("/application").permitAll()
            .requestMatchers("/report").permitAll()
            
            // Report Controller
            .requestMatchers("/report/**").hasAuthority(Role.ADMIN.name())
            
            // Expense Controller
            .requestMatchers("/expense/**").hasAnyAuthority(Role.ADMIN.name(), Role.USER.name())
            
            .anyRequest().authenticated();
        })
        .sessionManagement(manager ->  {
            manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        })
        .authenticationProvider(authenticationProvider()).addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    
        return http.build();
    }
    
    @Bean
    AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        authProvider.setUserDetailsService(userDetailsService);
        authProvider.setPasswordEncoder(passwordEncoder());
        
        return authProvider;
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        
        return new BCryptPasswordEncoder();
    }
    
    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        
        return configuration.getAuthenticationManager();
    }
}

And here is my controller class serving the HTML files:

@RestController
@RequestMapping("/")
public class ResourceController {

    @GetMapping("/login")
    public ModelAndView getLoginPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/login.html");
        return modelAndView;
    }
    
    @GetMapping("/registration")
    public ModelAndView getRegistrationPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/registration.html");
        return modelAndView;
    }
    
    @GetMapping("/application")
    public ModelAndView getApplicationPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/application.html");
        return modelAndView;
    }
    
    @GetMapping("/report")
    public ModelAndView getReportPage() {
        
        ModelAndView modelAndView = new ModelAndView();
        modelAndView.setViewName("html/report.html");
        return modelAndView;
    }
}

And here is the response.

[images: screenshots of the response]

Any help is really appreciated.

1 Answer

I was able to fix this by following the guide here: https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html

Added the below code in SpringSecurityConfig:

//Permitting all my Dispatch Request
.dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.ERROR).permitAll()

//Allowing all my resources, which is present in public folder  
.requestMatchers("/bootstrap/**").permitAll()
.requestMatchers("/css/**").permitAll()
.requestMatchers("/error/**").permitAll()
.requestMatchers("/fontawesome/**").permitAll()
.requestMatchers("/fuse/**").permitAll()
.requestMatchers("/highcharts/**").permitAll()
.requestMatchers("/html/**").permitAll()
.requestMatchers("/images/**").permitAll()
.requestMatchers("/js/**").permitAll()
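
Why the dispatcher-type rule is the part that matters, as an added example that is not part of the original answer or the poster's project: Spring Security 6 applies the authorization rules to every dispatcher type, so the controller's internal FORWARD to html/application.html is authorized a second time and, with the rules in the question, matches only anyRequest().authenticated(). The class name is hypothetical, the role strings stand in for the poster's Role enum, INCLUDE is left out on the assumption that the views use no includes, and the JWT filter and AuthenticationProvider from the question are omitted.

```java
import jakarta.servlet.DispatcherType;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ForwardAwareSecurityConfig { // hypothetical name, added example

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(auth -> auth
                // 1. Internal dispatches first: the view forward issued after a
                //    controller returns, and the container's error dispatch.
                //    The original REQUEST dispatch is still checked by the URL rules below.
                .dispatcherTypeMatchers(DispatcherType.FORWARD, DispatcherType.ERROR).permitAll()

                // 2. Static files that are meant to be public (paths from the answer).
                .requestMatchers("/html/**", "/css/**", "/js/**", "/images/**").permitAll()

                // 3. Page and token endpoints that must work without a JWT.
                .requestMatchers("/login", "/registration", "/application", "/report").permitAll()
                .requestMatchers("/auth/createtoken").permitAll()

                // 4. Data endpoints keep their authority checks.
                .requestMatchers("/report/**").hasAuthority("ADMIN")
                .requestMatchers("/expense/**").hasAnyAuthority("ADMIN", "USER")

                // 5. Everything else needs a valid token.
                .anyRequest().authenticated())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // Register the JWT filter and authentication provider here, as in the question.
        return http.build();
    }
}
```

With FORWARD permitted, the rule that matches the original request is the only authorization gate for whatever that controller forwards to, and permitting /html/** makes the raw page files readable by anyone. The pages themselves should therefore hold no sensitive data; the protection sits on the /report/** and /expense/** endpoints they call.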