Struts 2 Tiles Spring Security 3 Cannot load css, image, scripts

StackOverflow https://stackoverflow.com/questions/12376123

سؤال

I am working on a Struts 2 + Tiles + Spring Security 3 application and I am not able to load any css, image and scripts. They resources are all deloyed into to 'publish' folder. The application works fine, excepts it does not load any of these.

Here's my Spring Security mapping. The resources are under /static/images and /static/css etc, and the jsp pages are within /WEB-INF/pages/.. WEB-INF and static are on same hierarchy.

<property name="securityMetadataSource">
        <security:filter-security-metadata-source>

            <security:intercept-url pattern="/admin/**"
                access="ROLE_ADMIN" />
            <security:intercept-url pattern="**/"
                access="ROLE_ANONYMOUS,ROLE_ADMIN" />                   

        </security:filter-security-metadata-source>
    </property>

There isn't any reference to these folders in either struts.xml or tiles.xml because they're not rendered via action calls.

Web.xml looks like this:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    /WEB-INF/classes/app-context.xml
    /WEB-INF/classes/security-context.xml
    </param-value>
</context-param>
<context-param>
    <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
    <param-value>/WEB-INF/classes/tiles/tiles.xml</param-value>
</context-param>

<!-- =======================================================  -->
<!-- FILTER.                                                  -->
<!-- =======================================================  -->
<!--Spring Security filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>


<filter>
    <description>struts2</description>
    <display-name>struts2</display-name>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>

<filter>
    <description>action2-cleanup</description>
    <display-name>action2-cleanup</display-name>
    <filter-name>action2-cleanup</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>

 <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>action2-cleanup</filter-name>
    <url-pattern>/action2-cleanup</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>action2-cleanup</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- =======================================================  -->
<!-- Listeners                                                -->
<!-- =======================================================  -->
<listener>              
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- <listener>             
    <listener-class>org.apache.struts2.tiles.StrutsTilesListener</listener-class>

</listener> -->

<servlet>
<servlet-name>tiles</servlet-name>
<servlet-class>org.apache.tiles.web.startup.TilesServlet</servlet-class>

<load-on-startup>2</load-on-startup>

I am trying to load images via any one of these just to see if they load:

<img src="<s:url value='./static/images/btn_add.gif' />"  />
<img src="<s:url value='/static/images/btn_add.gif' />"  />
<img src="../static/images/btn_add.gif"  />
<img src="../../static/images/btn_add.gif" />       

<s:submit action="item_add" type="image"                src="./static/images/btn_add.gif" />

None of these work. I tried various other urls from by debugging with firebug, still nothing.

Can someone explain to me what I am missing? I used spring 3.0.5.Release version and then tried to using 3.0.3.Release version. Neither worked.

No errors. It just does not display. Yes, I did clear the browser cache and even tried on a different browser.

After your feedback:: EDIT 1

Hmm.. that stll didn't do it.

I see these at output:

2012-09-12 11:39:59,268 DEBUG [DefaultFilterInvocationSecurityMetadataSource.java:173] : Converted URL to lowercase, from: '/static/images/btn_add.gif'; to: '/static/images/btn_add.gif'

2012-09-12 11:39:59,270 DEBUG [DefaultFilterInvocationSecurityMetadataSource.java:200] : Candidate is: '/static/images/btn_add.gif'; pattern is /static/**; matched=true 2012-09-12 11:39:59,271 DEBUG [AbstractSecurityInterceptor.java:191] : Secure object: FilterInvocation: URL: /static/images/btn_add.gif; Attributes: [ROLE_ANONYMOUS, ROLE_ADMIN] 2012-09-12 11:39:59,271 DEBUG [AbstractSecurityInterceptor.java:292] : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@52a05099: Principal: anonymous; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 978365092A5784AEBC711B8F588029A3; Granted Authorities: ROLE_ANONYMOUS 2012-09-12 11:39:59,272 DEBUG [AffirmativeBased.java:53] : Voter: org.springframework.security.access.vote.RoleVoter@8efd67, returned: 1 2012-09-12 11:39:59,272 DEBUG [AbstractSecurityInterceptor.java:213] : Authorization successful

What is http namespace? <security:http pattern="/static/**" security="none" />

Here is my security xml namespaces:

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

security does not allow "http" attribute.

هل كانت مفيدة؟

المحلول

Since you are using spring security, you should ensure that security is disabled for static assets

<security:http pattern="/static/**" security="none" />

Then you should be able to render correctly static resource using

<img src="<s:url value='/static/images/btn_add.gif' />"  />

Remarks on your first edit:

http is not a namespace, security is. Web security services are configured using the <http> element (<security:http>). security is the namespace for configuring spring-security inside spring xml configuration files, refering to http://www.springframework.org/schema/security and a specific xsd http://www.springframework.org/schema/security/spring-security-3.1.xsd (for Spring 3.1).

As we can see in your logs, the filter has been correctly taken into account, and your image has been correctly matched by the pattern /static/** and access has been granted, so it should be rendered.

You may want to try the filters="none" attribute on the http-intercept element for spring 3.0.x because as I am reading the docs I'm not sure that ` is valid for Spring 3.0.x, but only for 3.1+.

Try with (see this page for details):

<http ...>
    <intercept-url pattern="/static/**" filters="none" />
</http>

If this does not work, can you check with your browser (for example with Chrome) using Web development tools what is the error for loading the given image ? 404 Not found? 403 Unauthorized? Something else?

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top