Securing AngularJS SPA with Spring Security 3.2 -
any help, advice , experience welcome.
im having separate angularjs spa on apache http server , spring backend on tomcat 7 servlet. backend serves rest api spa. rest resources require user have role.
i've been searching net days on , how implement best security strategy:
basic auth digest oauth stateless, cookies? sessions? tokens? csrf?how go communicating spring security in json or xml spa show user authentication page or "your authenticated page"?
any help appreciated.
i figured out how create spa authenticate rest backend.
in spring security created
custom simpleurlauthenticationfailurehandler returns http-unauthorizated if login effort fails. custom savedrequestawareauthenticationsuccesshandler returns http-oke if login effort successful. custom authenticationentrypoint returns http-unauthorizated instead of redirect. custom logoutsuccesshandler returns http-ok. i disabled csrf.if needs more help sense free allow me know or message me.
angularjs spring-security
No comments:
Post a Comment