У меня проблема с тем, что я работаю весь день, пытаясь решить проблему. Я только что перевел мое веб-приложение весны mvc с версии 3.0.5.RELEASE до 3.1.0.RELEASE и обнаружил, что поведение весенней безопасности отличается от того, что я настроил.stop spring security блокировка доступа к папке с моими ресурсами
Моя ошибка проявляется при попытке загрузить мою страницу входа. Ошибки ошибки типа документа ...
Но после того, как сделал некоторые исследования, я пришел, чтобы понять, что сообщение об ошибке говорит мне, что CSS и JS ресурсы Я пытаюсь загрузить в моей странице входа не может быть найден (или мой случай весенней безопасности не дает им доступа).
Я пробовал весь день, чтобы настроить файлы безопасности весны, чтобы разрешить доступ к ресурсам css и js, но не может получить правильную конфигурацию. Было бы очень полезно помочь.
Вот мой проект структура ...
Tomcat Webapps>
>ReportingManager
>WEB-INF
>pages
>spring-application-context.xml
>spring-security.xml
>spring-database.xml
>spring-resources.xml
>spring-managers.xml
>resources
>css
>images
>reports
Вот мой web.xml ...
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-application-context.xml</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Вот моя весна-security.xml файл ....
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:global-method-security secured-annotations="enabled" />
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.png" security="none" />
<http pattern="/**/*.jpg" security="none" />
<http pattern="/**/*.gif" security="none" />
<security:http auto-config="true">
<!-- Login and log out -->
<security:form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<security:logout logout-success-url="/logout" />
<intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_LEVEL7" />
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_LEVEL7" />
<intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
<intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" />
</security:http>
<!-- Authentication -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsDao">
<security:password-encoder hash="md5" />
</security:authentication-provider>
</security:authentication-manager>
</beans>
И только для полноты здесь мой контекст применения ....
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<!-- import XML fragments to use in the application context -->
<import resource="spring-database.xml" />
<import resource="spring-resources.xml" />
<import resource="spring-managers.xml" />
<import resource="spring-security.xml" />
</beans>
А также мой MVC-диспетчерский-servlet.xml ...
<context:component-scan base-package="com.myer.reporting.controller" />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
Я так извините за длинный пост, но хочу, чтобы убедиться, что я не оставляйте ценный информации. Я знаю, что это определенно весенняя безопасность, вызвавшая проблему, потому что когда я был на 3.0.5.RELEASE, я мог ударить css и javascript в браузере. Но когда я пытаюсь сделать то же самое с 3.1.0.RELEASE, я не могу попасть в css или js. Но другая запутанная вещь в том, что я не получаю 403 ошибки. Вместо этого он просто держит меня на текущей странице (login.htm).
благодарит за вашу помощь. Несмотря на то, что было бы неловко, я надеюсь, что это легко устранить, что я пропустил.
Обновление -> Я пробовал некоторые из ответов ниже, безуспешно. Но мне удалось получить некоторый результат из журналов и приложили вывод ниже, чтобы узнать, может ли кто-нибудь сказать, может ли это произойти. Я также немного обновил мою первоначальную конфигурацию, основываясь на помощи, которую вы мне дали.
2014-01-07 12:50:43,362 INFO [SpringSecurityCoreVersion] - You are running with Spring Security Core 3.1.4.RELEASE
2014-01-07 12:50:43,362 INFO [SecurityNamespaceHandler] - Spring Security 'config' module version is 3.1.4.RELEASE
2014-01-07 12:50:43,455 INFO [HttpSecurityBeanDefinitionParser] - Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000]
2014-01-07 12:50:44,236 INFO [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.css'], []
2014-01-07 12:50:44,283 INFO [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.js'], []
2014-01-07 12:50:44,283 INFO [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.png'], []
2014-01-07 12:50:44,283 INFO [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.jpg'], []
2014-01-07 12:50:44,283 INFO [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.gif'], []
2014-01-07 12:50:44,704 DEBUG [FilterSecurityInterceptor] - Validated configuration attributes
2014-01-07 12:50:44,704 INFO [DefaultSecurityFilterChain] - Creating filter chain: [email protected], [org.spring[email protected]64dfeb, org.[email protected]a8c19b, org.springframework.s[email protected]13eb2bc, org.springfram[email protected]14865b1, org.sp[email protected]c5575, org.springframework.[email protected]1be8bf1, org.springfram[email protected]d591a6, o[email protected]14d6015, org[email protected]df39bc, org.springfr[email protected]147788d]
2014-01-07 12:50:44,720 INFO [DefaultFilterChainValidator] - Checking whether login URL '/login' is accessible with your configuration
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.css'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.js'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.png'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.jpg'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.gif'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/resources/**'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/login'
2014-01-07 12:50:44,720 DEBUG [AffirmativeBased] - Voter: [email protected], returned: -1
2014-01-07 12:50:44,720 DEBUG [AffirmativeBased] - Voter: [email protected]9d, returned: 1
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.css'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.js'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.png'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.jpg'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.gif'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-01-07 12:52:00,472 DEBUG [HttpSessionSecurityContextRepository] - No HttpSession currently exists
2014-01-07 12:52:00,472 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: null. A new one will be created.
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-01-07 12:52:00,472 DEBUG [AnonymousAuthenticationFilter] - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-01-07 12:52:00,472 DEBUG [SessionManagementFilter] - Requested session ID 5CB169513CF0935187728353885EB4EF is invalid.
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/resources/**'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/login'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/welcome'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/priceoverride'
2014-01-07 12:52:00,472 DEBUG [FilterSecurityInterceptor] - Public object - authentication not attempted
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp reached end of additional filter chain; proceeding with original chain
2014-01-07 12:52:01,659 DEBUG [HttpSessionEventPublisher] - Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[[email protected]]
2014-01-07 12:52:01,659 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2014-01-07 12:52:01,659 DEBUG [ExceptionTranslationFilter] - Chain processed normally
2014-01-07 12:52:01,659 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.css'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.js'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.png'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.jpg'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.gif'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-01-07 12:52:01,675 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-01-07 12:52:01,675 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-01-07 12:52:01,675 DEBUG [AnonymousAuthenticationFilter] - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9054b1a2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]1c07a: RemoteIpAddress: 127.0.0.1; SessionId: 6797458107289A1298C0F15240BC0CB4; Granted Authorities: ROLE_ANONYMOUS'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/resources/**'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/login'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/welcome'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/priceoverride'
2014-01-07 12:52:01,675 DEBUG [FilterSecurityInterceptor] - Public object - authentication not attempted
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html reached end of additional filter chain; proceeding with original chain
2014-01-07 12:52:02,846 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2014-01-07 12:52:02,846 DEBUG [ExceptionTranslationFilter] - Chain processed normally
2014-01-07 12:52:02,846 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
2014-01-07 12:52:02,862 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/css/header.css'; against '/**/*.css'
2014-01-07 12:52:02,862 DEBUG [FilterChainProxy] - /resources/css/header.css has an empty filter list
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/grid.locale-en.js'; against '/**/*.css'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery-1.7.1.min.js'; against '/**/*.css'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/grid.locale-en.js'; against '/**/*.js'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery-1.7.1.min.js'; against '/**/*.js'
2014-01-07 12:52:02,877 DEBUG [FilterChainProxy] - /resources/js/grid.locale-en.js has an empty filter list
2014-01-07 12:52:02,877 DEBUG [FilterChainProxy] - /resources/js/jquery-1.7.1.min.js has an empty filter list
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.metadata.js'; against '/**/*.css'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.metadata.js'; against '/**/*.js'
2014-01-07 12:52:02,877 DEBUG [FilterChainProxy] - /resources/js/jquery.metadata.js has an empty filter list
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.jqgrid.min.js'; against '/**/*.css'
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.jqgrid.min.js'; against '/**/*.js'
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.validate.min.js'; against '/**/*.css'
2014-01-07 12:52:02,893 DEBUG [FilterChainProxy] - /resources/js/jquery.jqGrid.min.js has an empty filter list
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.validate.min.js'; against '/**/*.js'
2014-01-07 12:52:02,893 DEBUG [FilterChainProxy] - /resources/js/jquery.validate.min.js has an empty filter list
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/messages.js'; against '/**/*.css'
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/messages.js'; against '/**/*.js'
2014-01-07 12:52:02,909 DEBUG [FilterChainProxy] - /resources/js/messages.js has an empty filter list
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.hotkeys-0.8.js'; against '/**/*.css'
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.hotkeys-0.8.js'; against '/**/*.js'
2014-01-07 12:52:02,909 DEBUG [FilterChainProxy] - /resources/js/jquery.hotkeys-0.8.js has an empty filter list
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/shortcut-keys.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/constants.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/validation.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/common.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/shortcut-keys.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/constants.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/validation.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/common.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/shortcut-Keys.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/validation.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/common.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/constants.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/pages/login.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/pages/login.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/pages/login.js has an empty filter list
2014-01-07 12:52:02,940 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/css/yaml/yaml/core/js/yaml-focusfix.js'; against '/**/*.css'
2014-01-07 12:52:02,940 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/css/yaml/yaml/core/js/yaml-focusfix.js'; against '/**/*.js'
2014-01-07 12:52:02,940 DEBUG [FilterChainProxy] - /resources/css/yaml/yaml/core/js/yaml-focusfix.js has an empty filter list
спасибо. Попробовал, но это не сработало. – Richie
Действительно ли вы подтвердили, что файлы не могут быть доступны? Нет никаких доказательств того, что это так. Файл журнала показывает, что указанная выше конфигурация * работает * - ресурсы имеют пустую цепочку фильтров. Попробуйте просто ввести URL-адрес ресурса в вашем браузере и посмотреть, загружен ли файл. Опишите, что происходит. –