I have two apps.

Front end - AngularJS website running on localhost:9000 and getting data from a REST service (database)

Back end - Spring Boot Rest Service localhost:8080

How do I create an authentication process for these two apps? Login form (user, password). I have been reading some tutorials on the Spring website, but there the front end is built into the Spring project in the /resource folder, not separated.

  • Please explain your issue briefly. Commented Aug 4, 2016 at 8:02
  • Simply, I do not know how to start with this issue. Commented Aug 4, 2016 at 9:05

1 Answer

There are a couple of things you need to keep in mind if you are setting up your app the way you want to.

What kind of authentication mechanism do you want? For REST services, Basic and OAuth2 are the most common.

With Basic auth you would send an Authorization header in each request.

  • Each request will perform authentication all over again.
  • There is no state between client and server
  • HTTPS is mandatory if you use Basic auth.

With OAuth2, you first need to send a Basic authentication request to the endpoint your.app/oauth/token? --- parameters

The response will contain "access_token": "CQPt2VR2HJuCY3mb0xA1BVMyDltgvnpf6N2CXdsds3423YkGQID7VO-Mmu4idymlz"

which you then include in every request as a bearer token: Authorization: Bearer CQPt2VR2HJuCY3mb0xA1BVMyDltgvnpf6N2CXVPXkaewYkGQID7VO-Mmu4idymlz

  • access_token has an expiration time. You can also send a refresh_token, which has a longer expiration time.
  • There is no state between client and server
  • For smaller applications OAuth2 is too complicated and Basic will suffice.

This is just an overview of common authentication methods. There are a lot of implementation tutorials. Examples: https://spring.io/guides/tutorials/spring-boot-oauth2/ and http://www.baeldung.com/rest-api-spring-oauth2-angularjs

One thing to keep in mind is that you will need to set up a CORS filter if you run your service and client on different ports. For starters, annotate the methods you want to use with @CrossOrigin(origins = "http://localhost:9000"). You can of course register a global CORS filter.
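
A global configuration that combines the points above (stateless Basic auth plus a CORS rule limited to the AngularJS origin), as an added example that is not part of the original answer. It assumes Spring Boot 3 with Spring Security 6; the class name, allowed methods and allowed headers are illustrative choices, and users come from whatever UserDetailsService the application defines (Spring Boot's generated default user otherwise).

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class ApiSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            // Picks up the corsConfigurationSource bean below. The CORS filter runs
            // before authentication, so the browser's preflight OPTIONS request
            // (which carries no Authorization header) is answered instead of rejected.
            .cors(Customizer.withDefaults())
            // No session cookie is used for authentication, so CSRF protection is disabled.
            .csrf(csrf -> csrf.disable())
            // "No state between client and server": every request is authenticated again.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    // The bean name must be corsConfigurationSource for http.cors() to find it.
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        // Only the front-end origin from the question; avoid "*" on an authenticated API.
        cfg.setAllowedOrigins(List.of("http://localhost:9000"));
        cfg.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        // The client sets Authorization itself, so that header must be allowed.
        cfg.setAllowedHeaders(List.of(HttpHeaders.AUTHORIZATION, HttpHeaders.CONTENT_TYPE));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", cfg);
        return source;
    }
}
```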

2 Comments

IIic, is it good practice to run two apps (front end, back end)? Most tutorials about Spring Security show the front end and back end in one app.
Endless debate. I personally prefer to have both front-end and back-end on the same server. Some people say you have a much faster server to serve your Angular app than Tomcat, think nginx.