以jsp返回错误403显示图像

Question

我在db中有表productname，price，src。 Src是产品照片的途径。 我从控制器列表发送到我的jsp和显示表。 的控制器：

@RequestMapping(value = "/products**")
 public ModelAndView products(){
 ApplicationContext context = new ClassPathXmlApplicationContext("Beans.xml");
 ProductJDBCTemplate productJDBCTemplate = (ProductJDBCTemplate)context.getBean("productJDBCTemplate");
 ModelAndView model= new ModelAndView();
 List<Product> products= productJDBCTemplate.listProducts();
 model.setViewName("products");
 model.addObject("productList",products);
 return  model;
 }

JSP：

<table class="table table-hover">
<thead>
<tr>
<th>Product's name</th>
<th>Price</th>
<th></th>
<th></th>
</tr>
</thead>
<c:forEach items="${productList}" var="product" varStatus="status">
<tr id=${product.getProductName()} >
  <form>
    <td>${product.getProductName()}</td>
    <input type="hidden" id="productName" name="productName"   value=${product.getProductName()}>
    <td>${product.getPrice()}</td>
    <input type="hidden" id="productPrice" name="productPrice" value=${product.getPrice()}>
    <td><img width="100" height="100" src=${product.getSrc()}></td>
    <td>${product.getSrc()}</td>
  </form>
  <td><button class="btn btn-default btn-md"    onclick="show('block','${product.getProductName()}',   ${product.getPrice()})">Make order</button></td>
</tr>
</c:forEach>
</table>

排<td><img width="100" height="100" src=${product.getSrc()}></td> 我收到错误：无法加载资源http://localhost:8080/images/product1：服务器响应状态为403（禁止）

但是行<td>${product.getSrc()}</td>打印正确的路径。如果我写<td><img width="100" height="100" src="/images/product1"></td>它就有效。 我怎么解决这个问题？

Spring security：

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:bean id="authSuccessHandler" class="com.mkyong.web.AuthSuccessHandler" />
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">

    <intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/**" access="hasRole('ROLE_ANONYMOUS')" />
    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <form-login 
        login-page="/login"
        authentication-success-handler-ref="authSuccessHandler"
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout"  />
    <logout logout-success-url="/"/>
    <!-- enable csrf protection -->
    <csrf/>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
    <authentication-provider>
        <!--<password-encoder hash="sha"></password-encoder> -->
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query=
                "select username,password, enabled from users where username=?"
            authorities-by-username-query=
                "select username, role from user_roles where username =?  " />
    </authentication-provider>
</authentication-manager>