React and Spring boot security integration - reactjs

I'm quite new to React.js. I tried to access the Spring Rest Api call through Axios and it worked. Would like to know how to add authentication to the same and is there any possibility to access Spring Login functionality through React Js. Please provide some suggestions.

Related

Is it Possible Spring Boot and React (SPA, not a server-side render) use Session Authentication instead of JWT?

Most of the tutorials on the internet are using React JS in a Spring Project, therefore it will be a server-side render like thymeleaf. But in my project, spring boot (REST API Backend) and ReactJS (SPA) are separated.
I have a monolithic app so I think I don't have to use JWT (moreover spring oauth2 authorization project is deprecated).
Is it possible to use Spring Security session authentication (Jsessionid) with a SPA such as react js?
How do I login, what is the endpoint for it? Is it just a POST request to /login endpoint with a payload of username and password?
For the other endpoints, does React only have to include the JSESSIONID cookie whenever it makes a REST API call to Spring Boot so it can be authenticated?

Typically JSP, XHTML and JSF pages are rendered on the server side and converted into HTML on the server, so if you want to use React and do not use JWT, how will the client-side UI depend on the security layer? If you want to use a hybrid UI, you can use it, but if you want to use full client-side rendering it won't happen.
You can use Spring MVC for the login mechanism and you have to manage the session. Your server-side configuration has to depend on session management. When you send a request to a REST endpoint, the security filters will be triggered and check whether the session is valid or not. You can specify your custom filters as well.
But the best approach is using JWT and react together. Also you are using spring boot and create static folder in resources and deploy your react app to that location. There will be some html files like login.html, index.html, main.html etc.
Each html file can be small react applications but managed with Spring MVC.

Laravel Authentication (With ReactJs)

This is made me new about how it works the authentication of laravel in the ReactJS
Hi, I'm new to ReactJS. Is there a sample or tutorial on how to use the authentication login of Laravel in ReactJS?
I read on GitHub that others say to use JSON Web Tokens (JWT).
Thanks.
Building an authentication flow with Laravel and React is similar to using any other framework like Nodejs. You just build the auth endpoints in Laravel and make REST calls to your endpoint from ReactJS.
But a quick google search will reveal multiple solutions to your problem. But the one that I think would be of most help: React-Laravel JWT Authentication Tutorial

Angular frontend authentication when using Grails and Spring Security for backend

I'm writing an Angular app which has Grails with Spring Security as a backend. I don't want to couple frontend with backend, so I don't use any gsp's, the communication goes only through REST requests.
Now the question comes which authentication to use.
Form authentication could be useful, but spring security redirects to the default form page and my login page is outside of Grails (in Angular project). I don't need a form page from spring security, I just need a URL where I can do my post request with credentials and get a cookie back.
So I started with Basic authentication which is easy enough, but then we have to add Authorization header to each request, which is annoying and not secure.
Spring security allows remember me cookie, but it is coupled to form authentication, so it is not possible (or difficult) to use it with basic authentication.
Stateless token authentication (for example, JWT) sounds great, but it is not clear how to configure it with Grails. The documentation for Security plugin has no mention about stateless authentication: http://grails-plugins.github.io/grails-spring-security-core/guide/index.html
So what is the best way to do authentication from Angular in Spring Security?
You are using default behavior of spring security. If you want stateless authentication, you will have to override the default behavior. Please go through this wiki page and also see this sample app for angular backend.

Deploying angular js app with spring boot backend in aws

I'm new to using AWS, so really sorry if I'm asking something stupid.
I have built my AngularJS app which uses REST APIs that I made using Spring Boot. Since I call a session cookie from the same domain.
As most of my API authorizes users using an HTTP cookie (www.example.com) and not (xyz.example.com), I would now have to keep all my APIs and client code coming from the same domain.
How can I manage that with AWS?
Any help would be great. Thanks

Securing AngularJS SPA with Spring Security 3.2

Any help, advice and experience is welcome.
I'm currently having a separate AngularJS SPA on an Apache HTTP Server and a Spring Backend on a Tomcat 7 Servlet. The backend serves as a Rest API for the SPA.
Some rest resources will require a user to have a certain role.
I've been searching the internet for days on what and how to implement the best security strategy:
Basic Auth
Digest
oAuth
Stateless, Cookies? Sessions? Tokens? CSRF?
How would you go about communicating Spring Security in JSON or XML to your SPA to show the user an authentication page or a "you're successfully authenticated" page?
Any help is appreciated.

I finally figured out how to make the SPA authenticate with my Rest Backend.
In Spring Security I created a
Custom SimpleUrlAuthenticationFailureHandler which returns an HTTP Unauthorized if a login attempt fails.
Custom SavedRequestAwareAuthenticationSuccessHandler which returns HTTP OK if a login attempt is successful.
Custom AuthenticationEntryPoint which returns HTTP Unauthorized instead of a redirect.
Custom LogoutSuccessHandler which returns HTTP OK.
I disabled CSRF.
If anyone needs more help feel free to let me know or message me.

I highly recommend watching this Spring's introductory video. It explains usage of Spring Security from the ground up using Java configuration. Apart from basic configuration, authentication and CSRF token usage, it also dives into field security. It uses templating on the server with Thymeleaf though, but can provide a lot of wisdom for a REST based app also.
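
The handler setup described in the answer above (status codes instead of redirects) could be configured as follows; this is an added example, not the poster's code. It assumes Spring Security 4.1 through 5.x with Java 8 and an SPA served from the same origin as the API, uses lambdas in place of the handler subclasses the answer names, and keeps CSRF enabled with a cookie-based token (the answer disabled it). The class name and the `/api/admin/**` path are hypothetical.

```java
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class SpaSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Hypothetical path: some REST resources require a role.
                .antMatchers("/api/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                // Unauthenticated request: answer 401 instead of redirecting to a login page.
                .authenticationEntryPoint((req, res, ex) ->
                    res.sendError(HttpServletResponse.SC_UNAUTHORIZED))
                .and()
            .formLogin()
                // The SPA posts form-encoded username/password here.
                .loginProcessingUrl("/login")
                // Successful login: 200 with the session cookie, no redirect.
                .successHandler((req, res, auth) ->
                    res.setStatus(HttpServletResponse.SC_OK))
                // Failed login: 401, no redirect to /login?error.
                .failureHandler((req, res, ex) ->
                    res.sendError(HttpServletResponse.SC_UNAUTHORIZED))
                .permitAll()
                .and()
            .logout()
                // Logout: 200 instead of a redirect.
                .logoutSuccessHandler((req, res, auth) ->
                    res.setStatus(HttpServletResponse.SC_OK))
                .and()
            .csrf()
                // Token is exposed in the XSRF-TOKEN cookie, readable by same-origin script,
                // and expected back in the X-XSRF-TOKEN header on state-changing requests.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

Axios and AngularJS both read the `XSRF-TOKEN` cookie and send it back in the `X-XSRF-TOKEN` header by default, so the SPA needs one GET to the backend before the login POST in order to receive the cookie.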
