An open API service indexing awesome lists of open source software.

https://github.com/itzg/spring-security-spa

Provides Spring Security filters and supporting classes that streamline the use of authentication and registration within Single Page web Applications
https://github.com/itzg/spring-security-spa

spring-mvc spring-security

Last synced: 2 months ago
JSON representation

Provides Spring Security filters and supporting classes that streamline the use of authentication and registration within Single Page web Applications

Awesome Lists containing this project

README

          

This library provides Spring Security filters and supporting classes that streamline the use of
authentication and registration within Single Page web Applications (SPA).

## Installation

Add the jcenter repository to your build, such as

```xml


false

jcenter
jcenter
https://jcenter.bintray.com

```

and the dependency to this library

```xml

me.itzg
spring-security-spa
1.1.0

```

## Usage

This library provides a pair Spring Security filters that both accept a JSON payload via a POST:
* `me.itzg.spring.security.spa.RegistrationFilter`
* `me.itzg.spring.security.spa.RequestBodyLoginFilter`

The JSON payload must contain two fields:
* `username`
* `password`

The library also provides `SimpleLogoutSuccessHandler` in order to conclude the logout process with just a 200 OK
status code.

The registration manager needs a [`UserDetailsManager`][1] in order to add the newly registered user.
It also needs a [`PasswordEncoder`][2] to encode the registration's new password. The following example
shows how to configure the filters in a way that consistently manages those beans between the filters
and the Spring security layer.

## Example

```java
import me.itzg.spring.security.spa.SinglePageAppConfigurer;
import me.itzg.spring.security.spa.SimpleLogoutSuccessHandler;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()

.and().logout().logoutSuccessHandler(new SimpleLogoutSuccessHandler())
.and().csrf().disable() // CSRF is less helpful (and a little annoying) with single page apps

.and().apply(new SinglePageAppConfigurer<>()).registerUrl("/register/local").loginUrl("/login/local")
;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsManager())
.passwordEncoder(passwordEncoder())
.and()
.inMemoryAuthentication();
}

@Bean
public PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}

@Bean
public UserDetailsManager userDetailsManager() {
return new InMemoryUserDetailsManager();
}
}
```

[1]: https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/provisioning/UserDetailsManager.html
[2]: https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/password/PasswordEncoder.html