I have a problem using css on web pages using spring security (version 3.0.7). I have the following configuration:
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/faces/resources/**" filters="none"/> <intercept-url pattern="/faces/inicio.xhtml" access="permitAll"/> <intercept-url pattern="/faces/paginas/autenticacion/login.xhtml*" access="permitAll"/> <intercept-url pattern="/faces/paginas/administracion/**" access="isAuthenticated()"/> <intercept-url pattern="/faces/paginas/barco/**" access="isAuthenticated()"/> <intercept-url pattern="/faces/paginas/catalogo/**" access="permitAll"/> <intercept-url pattern="/faces/paginas/error/**" access="permitAll"/> <intercept-url pattern="/faces/paginas/plantillas/**" access="permitAll"/> <intercept-url pattern="/**" access="denyAll" />
By default, I deny access to all pages. Then I apply authorization to specific pages that define their URL patterns, and they are applied first in this order, being the last denyAll rule.
- "inicio.xhtml" is the main page.
- "login.xhtml" is the login form.
- "administracion" and "barco" contain pages that should only be accessed through authenticated users.
- The catalogo directory contains pages that everyone should access.
- "error" contains pages with application errors.
- The "plantillas" directory contains app template layout pages (I use JSF2).
The "resources" directory contains images, css files and javascript. Therefore, in the first line I will talk about spring security, so as not to use a security filter for it.
However, with this configuration, when I run the application, CSS styles do not apply to pages!
I checked that if I go back to the default authorization for "allowAll", it will work. But I do not want to do this because it is not a good practice.
Any idea why not working? I think this should work.
source share