I am trying to build a web application with the following frameworks:
Angular JS on the front end
REST Web Services in the backend using Spring MVC
I want to use Spring Security to authenticate all the requests going from Angular JS to Spring REST Web services. I also need to manage the session timeout/remember password etc. (All of the typical functionalities of a login functionality in a web app)
I have gone over hundreds of articles trying to find out how to do this but none of them is exactly serving the purpose I am asking for.
Any help on this (inline answer or external links) with detailed steps is highly appreciated.
(Note: I don't want to use Spring boot. Many tutorials including the one provided by Spring is using Spring boot.)
Finally found the way to do this. Clearly explained, step by step process to secure a Spring MVC based REST APIs using Spring Security
https://malalanayake.wordpress.com/2014/06/30/stateless-spring-security-on-rest-api/
Related
I am a Microsoft developer. Making an ASP.NET application with authentication to Azure AD is very easy. The traditional multi page application with Vue (as an example) can be created within two minutes (by using the Authentication wizard in Visual Studio). However watching some Angular and NPM videos I liked the CLI/npm approach. So I decided to build my next project using ADAL.js, ASP.NET Core API and Angular 6 (deploy to Azure web app). But I haven't been able to succeed, and have only been met by complexity and issues.
Is the combo of these three technologies just a bad mix, Visual Studio not suited for SPA, or have I just gotten a bad start? Any suggestions on a good setup? I am considering to split the API and front end in two apps, so I can use clean Angular without having to worry about who is building TypeScript (VS or Node) etc. But then I need two web apps, and have to worry about CORS. Any suggestions here, what is a good setup to get started?
I have followed a lot of articles like:
http://www.talkingdotnet.com/how-to-create-an-angular-6-app-with-visual-studio-2017/
https://www.npmjs.com/package/microsoft-adal-angular6
But all of them had issues.
Refer to this Microsoft published GitHub sample. This sample demonstrates the use of ADAL for JavaScript for securing an AngularJS based single page app, implemented with an ASP.NET Web API backend, that calls another ASP.NET Web API using CORS.
Call an Azure AD protected Web API in an AngularJS Single Page App
I am trying to upgrade an existing application which has Spring MVC with JSP frontend to ReactJs. I am not sure how to integrate Reactjs frontend with Spring mvc backend. Right now i compile the react app and put it inside the backend app
Then spring mvc maps to the react app. The integration between is with spring rest.
What is the best practice? I think that it will be much easier to have 2 separate application React frontend and spring backend. There are 2 big issues with this solution.
How should the react app authenticate to backend? Backend use Spring security. I know that i can use rest tokens, but i am not sure how.
If i use react-router then i need to map all react-routes to spring mvc.
I dont find any good example online. Any help would be appropriated.
We have started to work with serverless technologies specifically with AWS Lambda and API Gateway using the serverless framework. We are working with Auth0 to manage authentication. Question is what is the best front-end technology we should use?
I think that we can build the front-end using S3 and cloudfront. The flexibility of each webpage or a set of webpages without any server sounds fantastic and simple, however I wanted to know of any pros and cons in building out web pages that use standard javascript ajax calls using S3 and cloudfront versus using other front-end technologies such as angularjs or vue?
tldr;: Should we build front-end pages using angularjs, vue, etc. or should we use S3 using pure AJAX calls? What are the pros and cons?
You should find hosting any application that uses a popular SPA framework via S3 is achievable. The fact you are using serverless for the API(s) that will be called from your SPA application makes no difference from the perspective of the SPA (client). The client is referencing a web endpoint only. For secured API endpoints, please look at Auth0's Resource API approach, where you would receive a JWT ID Token and JWT Access Token on successful authentication, and send the JWT Access Token with each request. More information on this on the Auth0 website together with samples illustrating how it all works.
Regarding choice on SPA framework / JS technology to use - here are a few useful links to help getting started:
AngularJS - https://auth0.com/docs/client-platforms/angularjs
AngularJS 2 - https://auth0.com/docs/client-platforms/angular2
EmberJS - https://auth0.com/docs/client-platforms/emberjs
EmberJS 2 - https://auth0.com/docs/client-platforms/ember2js
React - https://auth0.com/docs/client-platforms/react
jQuery - https://auth0.com/docs/client-platforms/jquery
Vanilla JS - https://auth0.com/docs/client-platforms/vanillajs
Hope your project is a success.
I'm building a REST APIs in Symfony2. The idea is to use these apis from a angular web app and a mobile app. Authentication is required to use the APIs.
I thought in the following possibilites:
Separate Symfony and angular in diferent projects:
The URLs under /api would use OAuth2 to authenticate user (FOSOAuthServerBundle). Both web and mobile app would need to use an access token.
Include angular inside Symfony: In the web app the users are authenticated using a symfony form, and therefore no need to protect the urls under /api with OAuth2. But how would authenticate users from the mobile app?
Please, any help is good!
In short, what I need is that the APIs can be used from two clients: web app and mobile app
Thanks!
I'm currently studying and suffering from the same problem and so far the best option I've seen is to keep the projects separate. If you include angularJS in your Symphony project, you will end up using resources that Symphony provides that you won't be able to replicate in the mobile structure. By detaching the server with the client completely, your Web App built only with Angular will be more similar to your mobile app, mimicking the stand-alone application mode.
Personally, I chose JWT Auth since it doesn't require 12 tables in your database, but using OAuth2 would have similar result.
Is always better to choose some solution that is already tested for many people and is used by them. So, I think is better you to use the OAuth technique, so you can consume your api from mobile, web and every other technology.
If you will join the API and WEBApp is up to you. because REST use no session and every call is a new call that you need to check and block or respond. I have an app that has an Codeigniter API and an AngularJS APP in the same project, but thoose does not share any exclusive thing as sessions.
I built e-commerce with FOSRestBundle, HWIOOauthBundle and FOSUserBundle
From server side, generate accesstoken and authenticate via api/login/ api/login_check/
write your security.yml routing access
From client side, call your api. It should render 200 or 403 HTTP_Code.
I have a full Spring application (security managed by spring-security and the controller Layer is build with Spring MVC).
I am using in the front-end AngularJS .
I need some example of how I will handle REST authentication with Spring Security and how I will call these services in the Angular side.
Note: Basic authentication will be perfect in my case .
Some code is needed to integrate AngularJS and Spring Security, as Spring Security wasn't meant to be used by a full Ajax framework.
Here is a sample application that does this integration, you will get both the Spring Security configuration and some classes used to do this integration:
https://github.com/jhipster/jhipster-sample-app
One of the great things about AngularJS is that its pretty flexible and can operate with a number of different backend configurations. While I haven't personally used spring MVC or spring security I have used Angular with .NET MVC, Node, and PHP all with slightly different authentication systems and it worked out very well.
Dave Mosher has a great tutorial series that incorporates authentication concepts(his example is PHP with Laravel) but the concepts may be helpful:
https://github.com/davemo/end-to-end-with-angularjs
For a more advanced example of authentication with AngularJS you might want to check out Angular-App:
https://github.com/angular-app/angular-app