i have a mixed code container containing:
the container is being build using jib - the 'static' content are deployed with a gradle copy job in the /app/resources/static directory. Here is the Layout:
The backend is secured with spring security.
The frontend is excluded from spring security chain:
Starting the container and trying to access the index.html yields in a 401 "Unauthorized":
I tried different things already (changing the static-path, modifying the security chain, ...) but i always get the same result. I am a bit lost and kindly request guidance :)
Regards
I believe the key here is the paths specified in .requestMatchers(...)
refer to the HTTP request's path, not the path on the filesystem.
You'll notice the request shown from the browser is to /index.html
, which is not specified in the list of ignored request matchers in the webSecurityCustomizer
bean. This answer from Andy Wilkinson goes into more detail.
Modifying the bean to:
@Bean
WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/index.html", "/js/**", "/css/**", "/images/**", "/actuator/**");
}
Should fix things.
You might also want to take Jib out of the equation while you're developing locally and just try running the application with mvn spring-boot:run
or ./gradlew bootRun
. Then, once things are working, try doing the same with the Jib-built Docker image.