I volunteered to be JLO (Java Language Owner) at CircleCI and I am currently working on getting a sample Spring Framework project running on CircleCI 2.0. I made a simple app bootstrapped with the Spring Initializer. I included Spring Security for the first time and I decided to try out WebJars for static Javascript libraries such as bootstrap. I am using Thymeleaf for templating.The app does not actually do anything yet but I ran into a pretty strange issue today that I wanted to write up here. My home page is pretty straightforward.
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <title>CircleCI Spring Demo</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" th:href="@{/webjars/bootstrap/3.3.7/css/bootstrap.min.css}" /> <link rel="stylesheet" th:href="@{/css/style.css}" href="../static/css/style.css" /> </head> <body> <nav class="navbar"> <div class="container"> <div class="navbar-header"> <a class="navbar-brand" href="#">CircleCI Demo Spring</a> </div> <div id="navbar" class="collapse navbar-collapse"> <ul class="nav navbar-nav"> <li class="active"><a href="#">Home</a></li> <li><a href="#">About</a></li> </ul> </div> </div> </nav> <div class="container"> <h1> CircleCI Spring Demo </h1> </div> <script th:src="@{/webjars/bootstrap/3.3.7/js/bootstrap.min.js}"></script> </body> </html>
However, when I tried to load up the app with mvn spring-boot:run
none of the styles showed up and console showed the following error message:
Resource interpreted as Stylesheet but transferred with MIME type text/html
It turns out, that a default spring-security config will basically block any request unless you whitelist it. The MIME type is a red herring since what is actually happening is that my spring-security config is redirecting all unauthenticated users to my login page (which is login.html
) instead of serving up the stylesheet from the/webjars
directory. The solution is to update my security configuration to whitelist anything that comes from /webjars
package com.circleci.demojavaspring; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/home", "/webjars/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll(); } }
Now, the styles load as expected.
Very useful! thanks a lot!