0

I've followed this and this tutorial to create a skeleton of an Angular.JS application with a Java-based backend. Its code can be found here.

It has authentication - at the start Spring boot writes to the console a random password, which you can use to login to the started application. User name is user and the password is printed in the console at the start:

Console output

Now I want to have several user accounts with fixed passwords (it's OK, if they are hardcoded).

How can I do this in that application without breaking compatibility with AngularJS?

I suppose that I have to modify SecurityConfiguration in UiApplication and use something like

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("user")
        .password("password")
        .roles("USER");
}

as explained here, but I'm not sure that it won't break AngularJS.

Improve this question

3 Answers 3

Reset to default
2

That's the solution:

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
class SecurityConfiguration extends
    WebSecurityConfigurerAdapter {


    @Autowired
    public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user1")
            .password("password1")
            .roles("ADMIN")
            .and()
            .withUser("user2")
            .password("password2")
            .roles("USER");
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

As long as you don't change the authentication scheme (i.e. BASIC, FORM etc.), AngularJS doesn't care about how you manage the user accounts in the backend. Of course if you would have used a fixed user and password and have it hardcoded in the AngularJS code, you would have to change this.

Improve this answer

Comments

0

It wouldn't break the angular compatibility. But in addition to the code change you mentioned, you would also need to make sure that you are allowing access to /login URI anonymously. Change in your overloaded configure method would also be required, something as follows:

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
    .httpBasic()
  .and()
    .authorizeRequests()
      .antMatchers("/login.html").permitAll()
  .antMatchers("/index.html", "/home.html").authenticated()
      .antMatchers("/index.html", "/home.html").hasRole("USER")
      .anyRequest().authenticated();
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.