Spring security does not allow CSS or JS resources to be loaded

Solution 1:

You probably want to make sure to have your directory containing those items set as permitAll.

Here's an excerpt from my spring security context file. Under the resources directory, I have js, css, and images folders which are given permissions by this line.

<security:intercept-url pattern="/resources/**" access="permitAll" />

Solution 2:

For some reason, this did not work for me:

http.authorizeRequests().antMatchers("/resources/**").permitAll();

I had to add this:

http.authorizeRequests().antMatchers("/resources/**").permitAll().anyRequest().permitAll();

Also, this line has to be after the code which restrics access.

Solution 3:

Add following

@Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**").anyRequest();
    }

Solution 4:

you can also use directly like "/*.js" for specific file or "/resources/**" for directory

 http.authorizeRequests()
                .antMatchers("/", "/login", "/logout", "/error").permitAll()
                .antMatchers("/resources/**").permitAll()
                .antMatchers("/*.js").permitAll()
                .antMatchers("/api/**").authenticated()

Solution 5:

I had the same problem and the permitAll() solution didn't work for me. I added the following @Overridemethod to my WebSecurityConfigclass.

@Override
public void configure(WebSecurity web) throws Exception {
    web
            .ignoring()
            .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/img/**", "/icon/**");
}

Good Luck!