how to setting css, primefaces, javascript, jquery pattern in security.xml [spring security]

Question

Hello all!
In my jsf page I can't load any scripts [javascript, css, jquery and primefaces] and I think my problem is related to the way i am setting my security.xml

I'm using :
primefaces 3.1.1
jsf 2.0
spring framework 3.0.2

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Production</param-value>
</context-param>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/app-config.xml</param-value>
</context-param>
<context-param>
    <param-name>javax.faces.FACELETS_LIBRARIES</param-name>
    <param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/app-config.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>*.htm</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>faces/index.jsp</welcome-file>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>

My security.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http auto-config="true" use-expressions="true">

    <intercept-url pattern="/assets/previews/**" filters="none"/>
    <intercept-url pattern="/assets/thumbs/**" filters="none"/>
    <intercept-url pattern="/css/**" filters="none" />
    <intercept-url pattern="/design/**" filters="none" />
    <intercept-url pattern="/images/**" filters="none" />
    <intercept-url pattern="/js/**" filters="none" />
    <intercept-url pattern="/pageAllNews/**" filters="none" />
    <intercept-url pattern="/pageLogin/**" filters="none" />
    <intercept-url pattern="/resources/css/**" filters="none" />
    <intercept-url pattern="/resources/skins/**" filters="none" />
    <intercept-url pattern="/templates/**" filters="none" />

    <intercept-url pattern="/userPage/**" filters="none"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>

    <form-login login-page="/userPage/home.jsf"/>
    <logout logout-success-url="/userPage/home.jsf"/>
    <remember-me />
</http>

<authentication-manager>
    <authentication-provider>
        <password-encoder hash="md5"/>
        <jdbc-user-service data-source-ref="dataSource" />
    </authentication-provider>
</authentication-manager>

</b:beans>

Ca anyone give me a suggestion for this problem?
Thanks

agungdmt :D

Possible duplicate of [PrimeFaces CSS skin not showing in login page, also JavaScript undefined errors](https://stackoverflow.com/questions/13822978/primefaces-css-skin-not-showing-in-login-page-also-javascript-undefined-errors) — Kukeltje, Jul 11 '19 at 21:05

score 0 · Answer 1 · answered May 22 '12 at 11:45

You need to set the intercept-url tags that point to static web resources to allow anonymous users to authenticate.

<intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

Either that or serve your static web content through a different context than the web application context, which personally is what I do.

how to setting css, primefaces, javascript, jquery pattern in security.xml [spring security]

1 Answers1