robert trudel

Reputation: 5749

Secure a single page application with Spring

I created a single page application in JS; I also use a few jQuery commands and Twitter Bootstrap.

I load my page this way:

$('#contact').click(function () {
    $('#main').load('contact.html');
});

I use Spring (Java) on the server and a RESTful architecture.

Is there an easy way to secure my web page with these frameworks?

Upvotes: 0

Views: 151

Answers (1)

Ivan Rodrigues

Reputation: 469

I think that the best way for you is to add the Spring Security dependency; with it you'll get full control over your REST services and integration with multiple modules like OAuth, Social (Facebook, Twitter ...) and much more. With Spring Security you can configure the permissions by configuring a Java class or by XML.

Enjoy a sample:

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
@Import({ConfigDAO.class, ConfigService.class}) // the application's own DAO and service configuration classes
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource datasource;

    @Autowired
    private PasswordEncoder passwordEncoder;

    // Users and their authorities are looked up in the cds_usuario table over JDBC.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .jdbcAuthentication()
            .dataSource(datasource)
            .passwordEncoder(passwordEncoder)
            // must return the columns username, password, enabled
            .usersByUsernameQuery("select usuario, senha as password, habilitado as enabled from cds_usuario where usuario = ?")
            // must return the columns username, authority
            .authoritiesByUsernameQuery("select usuario, perfil as authority from cds_usuario where usuario = ?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/painel**").access("hasRole('ROLE_ALUNO')")
            .antMatchers("/").access("permitAll")
            .antMatchers("/cadastro**").access("permitAll")
            .antMatchers("/error/**").access("permitAll")
            .and().formLogin().usernameParameter("username").passwordParameter("senha")
            .loginPage("/").loginProcessingUrl("/autenticar")
            .failureUrl("/")
            .defaultSuccessUrl("/painel")
            .and().logout().deleteCookies("remove")
            .invalidateHttpSession(false)   // the HTTP session is kept alive after logout
            .logoutUrl("/logout").logoutSuccessUrl("/")
            .and().csrf().disable()         // CSRF protection is switched off for every endpoint
            .exceptionHandling().accessDeniedPage("/403");
        http.sessionManagement().maximumSessions(1).expiredUrl("/logout");
    }
}

Upvotes: 1
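For the asker's setup (a jQuery single page application that loads HTML fragments and calls REST endpoints), here is an added configuration that is neither the answerer's code nor part of the original page. It keeps CSRF protection enabled through Spring Security's cookie-based token repository (the XSRF-TOKEN cookie / X-XSRF-TOKEN header pair that an AJAX client can echo back), answers unauthenticated API calls with 401 instead of redirecting them to a login page, and invalidates the session on logout. The paths /api/**, /contact.html and /login, the in-memory user alice with a constructed password, and BCrypt as the encoder are assumptions made for the example; it targets Spring Security 4.x/5.x with WebSecurityConfigurerAdapter, the same base class the answer uses.

```java
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Example configuration for a jQuery SPA backed by REST endpoints (assumed paths under /api/**).
@Configuration
@EnableWebSecurity
public class SpaSecurityConfig extends WebSecurityConfigurerAdapter {

    // Passwords are stored as BCrypt hashes, never in clear text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Constructed in-memory user for the example; a real application would use
        // jdbcAuthentication() or a UserDetailsService backed by its own user store.
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder())
            .withUser("alice")
            .password(passwordEncoder().encode("change-me-example"))
            .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Keep CSRF on: the token is issued in the XSRF-TOKEN cookie (readable by JS)
            // and must come back in the X-XSRF-TOKEN header on every state-changing request.
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
            .authorizeRequests()
                // the shell page, login endpoint and static assets are public (assumed paths)
                .antMatchers("/", "/index.html", "/login", "/css/**", "/js/**").permitAll()
                // REST endpoints and fragments with protected content require a logged-in user;
                // $('#main').load('contact.html') is just a GET, so the fragment itself needs a rule
                .antMatchers("/api/**", "/contact.html").hasRole("USER")
                .anyRequest().authenticated()
            .and()
            .exceptionHandling()
                // AJAX callers get a 401 they can handle, not a redirect to an HTML login page
                .defaultAuthenticationEntryPointFor(
                    new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
                    new AntPathRequestMatcher("/api/**"))
            .and()
            .formLogin()
                .loginProcessingUrl("/login")
                // the SPA POSTs username/password to /login and only needs a status code back
                .successHandler((req, res, authn) -> res.setStatus(HttpServletResponse.SC_NO_CONTENT))
                .failureHandler((req, res, ex) -> res.setStatus(HttpServletResponse.SC_UNAUTHORIZED))
            .and()
            .logout()
                .logoutUrl("/logout")              // POST only while CSRF protection is enabled
                .invalidateHttpSession(true)       // drop the server-side session on logout
                .deleteCookies("JSESSIONID")       // and the browser's session cookie
                .logoutSuccessHandler((req, res, authn) -> res.setStatus(HttpServletResponse.SC_NO_CONTENT))
            .and()
            .sessionManagement().maximumSessions(1);
    }
}
```

On the client side the SPA reads the XSRF-TOKEN cookie and sends its value in the X-XSRF-TOKEN header on every POST, PUT or DELETE, including the credential POST to /login and the POST to /logout; requests without a valid token are rejected with 403. Authorization is enforced per URL on the server, so any fragment that reveals authenticated-only content must be covered by the same matchers as the API, since hiding a link in the page does nothing to stop a direct GET.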
