'angular 2 login with spring security

im trying to integrate spring security with a custom angular 2 login, that is a specific endpoint of my app is protected with spring security, trying to access it will redirect to /login that is handled in angular 2. as things stands now i have no clue as to how to perform the login and grant access to the backend API once logged.

i am configuring spring security as follows:

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .cors().and()
        .authorizeRequests()
        .antMatchers("/api/someEndpoint/**")
        .hasRole(ADMIN_ROLE).and().formLogin()
        .loginPage("/login").and().logout();
}


@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}

as I had the default login everything worked fine, but I have found myself unable to create a working angular 2 login integration. I tried the following code in angular 2 to no avail:

login(loginDetails:Object) {
    console.log(loginDetails)
    const headers = new Headers({ 'Content-Type': 'application/json' });
const options = new RequestOptions({ headers: headers });
const body = JSON.stringify(loginDetails);
    console.log(headers);
    console.log(body);
return this.http.post(this.loginUrl, body, options) 
}

as far as I know spring security defaults for username and password variable names are "username" and "password", which i am sure are being passed in the request body so when passing some invalid user data like {"username":"admin", "password" : "pass"}I should be redirected to /login?error or something, and when successfully authenticated I should be redirected to /welcome and stay authenticated

I have the user and pass defined in my db and my custom userDetailsService checks against it any answers, comments or questions are welcome

restangularspring-mvcspring-securityrestful-authentication


Solution 1:[1]

Your spring security config needs to look like this

 http!!
     .cors().and()
     .csrf().disable()
    .authorizeRequests()
     .requestMatchers(object: RequestMatcher {
       override fun matches(request: HttpServletRequest?): Boolean {
         return CorsUtils.isCorsRequest(request)
       }
     }).permitAll()
    .antMatchers("/api/**").authenticated()
    .anyRequest().permitAll()
    .and()
    .formLogin().permitAll()

Solution 2:[2]

I had a similar issue, but I had to override the successlogout handler as mentioned here.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Ninja420
Solution 2 Karthikeyan

Related Questions

How to configure log4j in a Spring Mvc application configured with Java Annotations and using a log4j.properties file

Spring 3 MVC: Issue binding to list form fields on submit

Spring @Value annotation always evaluating as null?

what is the default page for spring-mvc application

exception sending context initialized event to listener instance of class

exception sending context initialized event to listener instance of class

How can I make Spring WebServices log all SOAP requests?

Hibernate : Why is it trying to drop/create database on startup?

Ignore fields from Java object dynamically while sending as JSON from Spring MVC

@EventListener for AuthenticationSuccessEvent or InteractiveAuthenticationSuccessEvent not fired

400 Bad Request - while POSTing JSON data to RESTful controller implemented with Spring MVC

How to convert a multipart file to File?

SpringBoot Web MVC Application cannot resolve JSP views

Getting an exception "Failed to start service jboss.module.service" for spring portlets

Could not exec java with Spring+Maven exit code 1