CODEWITHSUNDEEP
javaangularjsspringgoogle-app-enginespring-security
M.ES
M.ES

Reputation: 940

Can not secure AngularJS page using Spring Security

I am using spring security to secure my app with the below configuration to try and display Spring default login page:

spring-security.xml

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <intercept-url pattern="/**" access="ROLE_USER" />
    </http>

    <authentication-manager>
      <authentication-provider>
        <user-service>
        <user name="test.account" password="123456" authorities="ROLE_USER" />
        </user-service>
      </authentication-provider>
    </authentication-manager>

</beans:beans>

My problem is that all resources are succesfully authenticated excpet the Angular file (localhost:8080/#/notification) which is always open to public.

Edit 1:

I've tried to run the above spring security configuration on Jetty server and it works great. The problem only appears when using Google AppEngine even after adding <sessions-enabled>true</sessions-enabled> to appengine-web.xml.

Thank you in advance.

Upvotes: 0

Views: 423

Answers (1)

M.ES
M.ES

Reputation: 940

I've been able to secure static files using Spring MVC on Google AppEngine using the <security-constraint> attribute of the web.xml file.

Example:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Public Area</web-resource-name>
        <url-pattern>/xyz</url-pattern>
        <url-pattern>/images/*</url-pattern>
        <url-pattern>/yyz/*</url-pattern>
        <url-pattern>*.xml</url-pattern>
    </web-resource-collection>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

Upvotes: 1

Related Questions