Unknown behaviour on Java Spring Boot Framework

Question

Can anyone explain to me, why Spring Boot is sending me an login-form as default http responde when accessing the specified context-path:

# configuring Tomcat Server Host
server.address = 127.0.0.1
server.tomcat.threads.max = 20
server.servlet.context-path=/webapp

I am accessing this site by typing: http://127.0.0.1:8080/webapp

My File structure looks like this:

|-.idea
|-.mvn
|-src
   |-java
   |-resources
   |-webapp
      |-resources
      |-script
      |-styles
      |-index.html

I expected, that as default, when defining the context-path, the index.html-file would be sent back as response. Instead I receive a login-form, which wasn't designed by myself.

question from:https://stackoverflow.com/questions/65935777/unknown-behaviour-on-java-spring-boot-framework

Answer 1

|-.idea
|-.mvn
|-src
   |-java
   |-resources
       |-static
         |-resources
         |-script
         |-styles
         |-index.html

You can use static folder to publish index html if you didn't enable security. If you enabled the security layer then you have to configure it.

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@AllArgsConstructor
public class CustomWebSecurity extends WebSecurityConfigurerAdapter {

    private final UserService userService;
    private final ObjectMapper objectMapper;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().cors().and().authorizeRequests()
                .antMatchers(HttpMethod.POST, ChallengeConstant.AUTHORIZE_ENDPOINT).permitAll()
                .antMatchers(HttpMethod.POST, ChallengeConstant.TOKEN_ENDPOINT).permitAll()
                .antMatchers(HttpMethod.GET, "/*").permitAll()
                .antMatchers(HttpMethod.GET, "/assets/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(new JWTFilter(userService, objectMapper), UsernamePasswordAuthenticationFilter.class)
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

Here is an example of configuration.

Below two lines will skip auth flows for index html and asset folder.

.antMatchers(HttpMethod.GET, "/*").permitAll()
.antMatchers(HttpMethod.GET, "/assets/**").permitAll()