Spring Security, Webjars, and MIME type error
I volunteered to be JLO (Java Language Owner) at CircleCI and I am currently working on getting a sample Spring Framework project running on CircleCI 2.0. I made a simple app bootstrapped with the Spring Initializer. I included Spring Security for the first time and I decided to try out WebJars for static Javascript libraries such as bootstrap. I am using Thymeleaf for templating.The app does not actually do anything yet but I ran into a pretty strange issue today that I wanted to write up here. My home page is pretty straightforward.
<!DOCTYPE html> <html xmlns:th="https://www.thymeleaf.org"> <head> <title>CircleCI Spring Demo</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><span class="p"><</span><span class="nt">link</span> <span class="na">rel</span><span class="o">=</span><span class="s">"stylesheet"</span> <span class="na">th:href</span><span class="o">=</span><span class="s">"@{/webjars/bootstrap/3.3.7/css/bootstrap.min.css}"</span> <span class="p">/></span> <span class="p"><</span><span class="nt">link</span> <span class="na">rel</span><span class="o">=</span><span class="s">"stylesheet"</span> <span class="na">th:href</span><span class="o">=</span><span class="s">"@{/css/style.css}"</span> <span class="na">href</span><span class="o">=</span><span class="s">"../static/css/style.css"</span> <span class="p">/></span></head> <body>
<span class="p"><</span><span class="nt">nav</span> <span class="na">class</span><span class="o">=</span><span class="s">"navbar"</span><span class="p">></span> <span class="p"><</span><span class="nt">div</span> <span class="na">class</span><span class="o">=</span><span class="s">"container"</span><span class="p">></span> <span class="p"><</span><span class="nt">div</span> <span class="na">class</span><span class="o">=</span><span class="s">"navbar-header"</span><span class="p">></span> <span class="p"><</span><span class="nt">a</span> <span class="na">class</span><span class="o">=</span><span class="s">"navbar-brand"</span> <span class="na">href</span><span class="o">=</span><span class="s">"#"</span><span class="p">></span>CircleCI Demo Spring<span class="p"></</span><span class="nt">a</span><span class="p">></span> <span class="p"></</span><span class="nt">div</span><span class="p">></span> <span class="p"><</span><span class="nt">div</span> <span class="na">id</span><span class="o">=</span><span class="s">"navbar"</span> <span class="na">class</span><span class="o">=</span><span class="s">"collapse navbar-collapse"</span><span class="p">></span> <span class="p"><</span><span class="nt">ul</span> <span class="na">class</span><span class="o">=</span><span class="s">"nav navbar-nav"</span><span class="p">></span> <span class="p"><</span><span class="nt">li</span> <span class="na">class</span><span class="o">=</span><span class="s">"active"</span><span class="p">><</span><span class="nt">a</span> <span class="na">href</span><span class="o">=</span><span class="s">"#"</span><span class="p">></span>Home<span class="p"></</span><span class="nt">a</span><span class="p">></</span><span class="nt">li</span><span class="p">></span> <span class="p"><</span><span class="nt">li</span><span class="p">><</span><span class="nt">a</span> <span class="na">href</span><span class="o">=</span><span class="s">"#"</span><span class="p">></span>About<span class="p"></</span><span class="nt">a</span><span class="p">></</span><span class="nt">li</span><span class="p">></span> <span class="p"></</span><span class="nt">ul</span><span class="p">></span> <span class="p"></</span><span class="nt">div</span><span class="p">></span> <span class="p"></</span><span class="nt">div</span><span class="p">></span> <span class="p"></</span><span class="nt">nav</span><span class="p">></span> <span class="p"><</span><span class="nt">div</span> <span class="na">class</span><span class="o">=</span><span class="s">"container"</span><span class="p">></span> <span class="p"><</span><span class="nt">h1</span><span class="p">></span> CircleCI Spring Demo <span class="p"></</span><span class="nt">h1</span><span class="p">></span> <span class="p"></</span><span class="nt">div</span><span class="p">></span> <span class="p"><</span><span class="nt">script</span> <span class="na">th:src</span><span class="o">=</span><span class="s">"@{/webjars/bootstrap/3.3.7/js/bootstrap.min.js}"</span><span class="p">></</span><span class="nt">script</span><span class="p">></span></body> </html>
mvn spring-boot:run none of the styles showed up and console showed the following error message:
Resource interpreted as Stylesheet but transferred with MIME type text/html
login.html) instead of serving up the stylesheet from the/webjars directory. The solution is to update my security configuration to whitelist anything that comes from /webjars
package com.circleci.demojavaspring;import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/home", "/webjars/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll(); } }
Thank you for reading! Share your thoughts with me on bluesky, mastodon, or via email.
Check out some more stuff to read down below.
Most popular posts this month
- My Custom Miniflux CSS Theme
- SQLite DB Migrations with PRAGMA user_version
- 2024
- Setting up ANTLR4 on Windows
- Song Of The Day: Talk talk (featuring Troye Sivan) - Charli xcx
Recent Favorite Blog Posts
This is a collection of the last 8 posts that I bookmarked.
- Offline 23 hours a day from Derek Sivers blog
- Pluralistic: California can stop Larry Ellison from buying Warners (28 Feb 2026) from Pluralistic: Daily links from Cory Doctorow
- On Alliances from Smashing Frames
- Acting ethically in an imperfect world from Smashing Frames
- Diffusion of Responsibility from Smashing Frames
- Fedora Magazine: Contribute to Fedora 44 KDE and GNOME Test Days from Fedora People
- Pluralistic: bunnie's piggyback hack (09 Jan 2026) from Pluralistic: Daily links from Cory Doctorow
- Clicks Communicator from Chris Hannah
Articles from blogs I follow around the net
Old Music Friday
I love this so much. We take so much for granted, so I freaking love to be reminded of the time-traveling magic of recorded music.
via Blog – Brad Frost March 3, 2026w0rdz aRe 1mpoRtAnt
The other day I was looking at the team billing section of an AI product. They had a widget labeled “Usage leaderboard”. For whatever reason, that phrase at that moment made me pause and reflect — and led me here to this post. It’s an interesting label. You…
via Jim Nielsen’s Blog March 3, 2026Pluralistic: Supreme Court saves artists from AI (03 Mar 2026)
Today's links Supreme Court saves artists from AI: Just because you're on their side, it doesn't mean they're on your side. Hey look at this: Delights to delectate. Object permanence: KKK x D&D; Martian creativity; Scott Walker's c…
via Pluralistic: Daily links from Cory Doctorow March 3, 2026Generated by openring