JavaHead

Reputation: 673

AngularJS and Java Servlet technology

I am trying to integrate a very old Java web application and an AngularJS front end. I can't use the Spring framework and basically have to code the pieces by hand. Here are my specific questions:

  1. I post the login form to the servlet for authentication, and the servlet replies with a permission object and a JSESSIONID. How do I avoid re-login when I navigate away and come back to the page? Do I need another cookie to store username/password?

  2. How do I provide CSRF protection with this architecture?

An example would be very highly appreciated.

Upvotes: 0

Views: 756

Answers (2)

JavaHead

Reputation: 673

I actually implemented two solutions, one using JWT and the other using a traditional Java Servlet implementation with a JSESSIONID cookie. So far I feel the cookie one is cleaner, so here are some details:

  1. Login.html posts a username/password form to a servlet. The servlet validates the credentials and, if successful, starts a new session (which results in a JSESSIONID cookie). If authentication fails, an HttpServletResponse.SC_UNAUTHORIZED is returned.

    a. If the callback is successful, the client redirects the browser to my application.html page.

    b. If it failed, it prompts a message and stays on the login.html page.

  2. When the application.html page loads, it immediately sends a dummy GET request to the login servlet to make sure the session is still valid. If yes, it loads the rest of the page; if not, it redirects back to the login page.
  3. Web services are secured the same way using an Auth filter that checks the session id.

So far it looks good and very straightforward.

Upvotes: 0
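The session-cookie flow in the answer above leaves the asker's second question (CSRF) open, so here is an added example, not code from the answer, showing one way to implement steps 1 and 3 in plain Servlet API with a synchronizer token: the login handler starts a fresh session and issues a random per-session token in an `XSRF-TOKEN` cookie (the name AngularJS's `$http` reads and copies into an `X-XSRF-TOKEN` request header on every call), and a filter rejects any state-changing request whose header does not match the token held in the session. The class and attribute names (`AuthFilter`, `startAuthenticatedSession`, `authenticatedUser`, `csrfToken`) are my own; the code assumes the Servlet 2.5+ API and Java 8 for `java.util.Base64`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Guards web services behind a JSESSIONID session plus a CSRF synchronizer token. */
public class AuthFilter implements Filter {
    static final String USER_ATTR = "authenticatedUser"; // session attribute set at login (hypothetical name)
    static final String CSRF_ATTR = "csrfToken";         // server-side copy of the token
    static final String CSRF_COOKIE = "XSRF-TOKEN";      // cookie name AngularJS $http reads by default
    static final String CSRF_HEADER = "X-XSRF-TOKEN";    // header name AngularJS $http sends by default

    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Call from the login servlet once the credentials have been verified.
     * Invalidates any pre-login session (session fixation), starts a new one and
     * hands the browser the CSRF token it must echo back in a header.
     */
    static void startAuthenticatedSession(HttpServletRequest req, HttpServletResponse resp, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = req.getSession(true); // container sets a fresh JSESSIONID cookie
        session.setAttribute(USER_ATTR, username);

        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(CSRF_ATTR, token);

        Cookie cookie = new Cookie(CSRF_COOKIE, token);
        cookie.setPath("/");
        cookie.setSecure(true);
        // Deliberately NOT HttpOnly: the AngularJS client has to read this cookie
        // to copy its value into the X-XSRF-TOKEN header. The JSESSIONID cookie itself
        // should stay HttpOnly (configure that in the container / web.xml).
        resp.addCookie(cookie);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Step 3 of the answer: no valid session, no service.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // CSRF check: a forged cross-site request carries the JSESSIONID cookie automatically,
        // but cannot set a custom header with a token it cannot read.
        if (isStateChanging(req.getMethod()) && !csrfTokenMatches(req, session)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }

    /** Safe methods are exempt only if the application really keeps them side-effect free. */
    static boolean isStateChanging(String method) {
        return !("GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method));
    }

    static boolean csrfTokenMatches(HttpServletRequest req, HttpSession session) {
        String expected = (String) session.getAttribute(CSRF_ATTR);
        String presented = req.getHeader(CSRF_HEADER);
        if (expected == null || presented == null) {
            return false;
        }
        // Constant-time comparison so the token cannot be guessed byte by byte via timing.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8));
    }

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }
}
```

Map the filter in web.xml to the web-service URL pattern but not to the login servlet or the static login page, otherwise nobody can log in. The "dummy GET" from step 2 then works unchanged: it reaches the filter with the JSESSIONID cookie, and a 401 tells the client to go back to login.html. The token is bound to the session, so logging in again rotates it.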

Anatoly

Reputation: 5241

My suggestion is to use JWT tokens with the Satellizer library, which simplifies your work. After the user has logged in and you have issued a JWT token to him, he should pass this token back on every HTTP request (Satellizer injects it automatically after a successful login). You need to validate it and permit/restrict the user's actions accordingly. There are a few Java libraries which simplify work with JWT tokens on the server side. I've used the jose4j library in a couple of my projects and have had a positive experience with it.

Satellizer and jose4j both have good examples on their wikis of how to use them.

Upvotes: 2
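As an added illustration of the server side of this answer (my code, not Anatoly's and not from the jose4j or Satellizer wikis), the class below issues an HMAC-signed JWT with jose4j after a successful login and validates the token that Satellizer sends back in an `Authorization: Bearer <token>` header. The `JwtAuth` class, the issuer string `legacy-servlet-app` and the `roles` claim are my own choices; the calls are jose4j's public API (`JwtClaims`, `JsonWebSignature`, `JwtConsumerBuilder`, `HmacKey`). Because the browser never attaches an `Authorization` header on its own, a request forged from another site arrives without the token and is rejected, which is how this design addresses the asker's CSRF question without a separate synchronizer token.

```java
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.HmacKey;
import org.jose4j.lang.JoseException;

/** Issues and verifies HS256 JWTs for a hand-rolled servlet back end (hypothetical class). */
public class JwtAuth {
    private static final String ISSUER = "legacy-servlet-app"; // assumed issuer name
    private static final int LIFETIME_MINUTES = 30;

    private final Key key;
    private final JwtConsumer consumer;

    /** The secret must be at least 32 bytes; jose4j refuses weaker HS256 keys by default. */
    public JwtAuth(byte[] secret) {
        this.key = new HmacKey(secret);
        this.consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()          // reject tokens without exp
                .setAllowedClockSkewInSeconds(30)
                .setRequireSubject()
                .setExpectedIssuer(ISSUER)
                .setVerificationKey(key)
                // Pin the algorithm: a token claiming "none" or an RSA alg must fail, not be trusted.
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        ConstraintType.WHITELIST, AlgorithmIdentifiers.HMAC_SHA256))
                .build();
    }

    /** Called by the login servlet after the credentials have been checked. */
    public String issue(String username, List<String> roles) throws JoseException {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(ISSUER);
        claims.setSubject(username);
        claims.setIssuedAtToNow();
        claims.setExpirationTimeMinutesInTheFuture(LIFETIME_MINUTES);
        claims.setGeneratedJwtId();                // unique jti, useful for revocation lists
        claims.setStringListClaim("roles", roles); // assumed custom claim carrying permissions

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(key);
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
        return jws.getCompactSerialization();
    }

    /** Verifies signature, issuer, expiry and algorithm; throws if anything is off. */
    public JwtClaims verify(String jwt) throws InvalidJwtException {
        return consumer.processToClaims(jwt);
    }

    /** Extracts the token Satellizer sends by default: "Authorization: Bearer <jwt>". */
    public static String bearerToken(HttpServletRequest req) {
        String header = req.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) {
            return null;
        }
        return header.substring("Bearer ".length()).trim();
    }

    /** Stand-alone demonstration: issue a token, accept it, then reject a tampered copy. */
    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);      // in production: load from config, never hard-code
        JwtAuth auth = new JwtAuth(secret);

        String jwt = auth.issue("alice", Arrays.asList("user", "reports"));
        JwtClaims claims = auth.verify(jwt);
        System.out.println("subject=" + claims.getSubject()
                + " roles=" + claims.getStringListClaimValue("roles"));

        // Flip the last character of the signature: verification must fail.
        String tampered = jwt.substring(0, jwt.length() - 1)
                + (jwt.endsWith("A") ? "B" : "A");
        try {
            auth.verify(tampered);
            System.out.println("BUG: tampered token accepted");
        } catch (InvalidJwtException e) {
            System.out.println("tampered token rejected: " + e.getMessage());
        }
    }
}
```

In the auth filter, call `bearerToken(req)`, pass it to `verify`, and on `InvalidJwtException` answer 401 so Satellizer's client side sends the user back to the login page; the `roles` claim (via `getStringListClaimValue`, which throws `MalformedClaimException` if it is not a string list) replaces the permission object the asker currently returns with the session. Keep token lifetimes short, since a bearer JWT cannot be invalidated by `session.invalidate()` the way a JSESSIONID can.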
