Hello,
I successfully set up an angular webapp with spring security following this tutorial: https://spring.io/guides/tutorials/spring-security-and-angular-js/
Everything works fine and I additionally configured spring security to use MySql database.
I am using spring boot and so my angularJS files are located in the static folder:
- "src/main/resources/static/js"
- "src/main/resources/static/css"
- ...
My first question is about the spring security configuration and which files/folders from the angular webapp I have to secure? Do I have to permit access to all the static content in spring security configuration? e.g.:
http.httpBasic().and().authorizeRequests()
.antMatchers("/js/**", "/css/**", "/").permitAll()
Or is this not a good idea? What is best practice here? I first tried to give access to only the the "/" and "/login" page, but this does not worked for me!
Example spring security configuration from the tutorial:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
.anyRequest().authenticated();
}
}
My second question is about the angular file- and folder-structure under /static in my spring boot app. How can I configure an individual folder for my angular webapp in spring boot and give the app access with spring security, e.g. with this structure (not under /static):
MyAngularApp
-- login
-- Controller
-- loginController
-- Services
-- Templates
-- login.html
-- Feature 2
-- Controller
-- Services
-- Templates
-- Feature 3
-- Controller
-- Services
-- Templates
And what does the spring security configuration should look like for this structure?
