Some folders need their contents to be accessible without authentication, for example, the folder containing CSS files, the folder containing JavaScript files, and the folder containing static images. None of these usually contain confidential information and some of their files may be necessary to display the login page and the public pages of the website properly.
In the security configuration class, override the configure(WebSecurity web)
method to define the public folders:
@Override public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/css/**") .antMatchers("/js/**"); .antMatchers("/img/**"); }