I have an existing struts application to which an angular/spring application will be combined. Both will exist on different url patterns. But both will be having a same login page which is a jsp. Also, spring security is used in the angular/spring application.
Based on the logged in user, from the login, the user will be redirected to either angular-spring/struts application and the authentication will be done by the respective applications. So I need to send the username and password to angular and then do the login from there.
But I am not able to send the data to angular side and even if I can somehow, Im not sure how to retrieve the data. How can I achieve this ?
Any help is much appreciated. Thanks.
Write rest API so you can get or post data from angular app
Hope this post will help you https://dzone.com/articles/java-8-springboot-angularjs-bootstrap-springdata-j
Related
Im having a problem to understand the OAuth flow with Spring.
I have a server running, which got protected endpoints to deliver metric data about the users, revenue usw.
These are used inside an admin panel written in Angular2. Currently the access_token for these endpoints is received by sending the ClientId/Secret and username password to my server.
But obviously its bad to store the Clientsecret on a javascript site.
So I need a way to retreive an access_token from javascript without exposing the client_secret.
I tried to implement the Spring OAuth2 implicit flow which somehow works, but only when I type it inside a browser so the /login page from spring shows up.
My Admin panel has its own Login page so this doesnt work out.
Does anyone have suggestions?
I followed this code and implemented the jwt authentication successfully. I am using this authentication in my web application. I am able to get the token on the login page. After that how to attach that token to the header of all the subsequent requests. I stored the token in local storage, but when I navigate to next page after successful login before js loads, the page getting loaded with 401 error.
How should I achieve this?
The problem is you're trying to use token based security with the Web MVC architecture. I did a quick search for any tutorials on how to do it that way and all I was able to find is examples of REST APIs that use token based security.
The reason is that with Spring MVC, each link you click is going to redirect you to a controller endpoint that is going to render the HTML and send it back to the browser. Unless you somehow made every link on your site include the token in a header or perhaps used a cookie to store the token, you'll get a 401 error because the token isn't present in the request.
If you were to use Angular JS (or your favorite front end framework) with a REST backend, you'll be able to use the JS to put whatever you need in the header to make sure the user is authenticated and has access to the resource. There a lot of example projects out there that demonstrate how to do this.
Disclaimer I haven't been able to find a reliable source that definitively says that token based security is for REST only. I'm basing this on experience and readily what I see out there in terms of tutorials and how to articles.
Ich totally agree to the answer from blur0224, you have to set the token in the request header of every link on your pages. I don't know how to achieve this. Furthermore I think that JWT token based authentication is not the right way for MVC based app. I would use it in SPAs build with frameworks like Angularjs.
Why don't you use the 'standard' Spring authentication?
I'm developing a REST JSON API with the Spring MVC Framework. I want to serve a single HTML application to the user and the whole communication between server and client is done with JSON format. So the client single HTML application uses jQuery to send AJAX calls to the server.
My big problem is to find the right way to do integrate a proper security technique. I read a lot about basic, digest or form based authentication via Spring Security, but I don't think this is the right way. I want to get JSON responses if the user isn't logged in and I don't want to send a jsessionid with each request.
Could you please tell me the right way or the best-practice how to authenticate user by performing AJAX requests? Maybe it's OAuth 2-legged? (don't have much clue of OAuth)
If you don't want to store auth information in server-side session (and use JSESSIONID in cookies/urls) you may send auth info with every ajax request using BASIC auth header (created in JS).
I've never used 2-legged oauth, so I won't comment about it.
edit: typo
I'm new to Spring3 MVC and I'm working on a web project using it, I has implemented login and logout. I put the user info in session when user login and remove it when he logout.
Now I want to implement that:
if user login, thus he can do whatever, but if he logout and access the page which is in the server, we should redirect to the login page.
I think it's possibly using filter and some configuration in web.xml so I needn't writte much code. I think it's very easy using configuration but I don't know how to implement it.
SO How and What should I config? It's like this question a bit:Looking for a Simple Spring security example
Thanks for your help.
use - return "redirect:LoginPage";
At my project I use Spring Security and GWT with url-like internationalization (http://....html?locale=en). Login and logout functions work very well, but here is another hitch: when user login he got localization-like URL (for example http://localhost:8000/Admin/app/Admin.html?locale=en) but after he close window (without logout) and coming back at URL http://localhost:8000/Admin/ he take authorization by Spring Security with session and login at system without "?locale=" param, so he got default language.
The main question is - how can I interrupt between two process (after Spring say - "Ok! it a good user - comin!" and before he throw user a link to coming) so that I can add locale to his URL ?
Thanks.
You can implement a custom AuthenticationSuccessHandler to add parameters to the request on authentication success. See this question.