stackoom
  简体   繁体   中英

Can not secure AngularJS page using Spring Security

 原文  2014-08-16 17:01:51       java/ angularjs/ spring/ google-app-engine/ spring-security

Question

I am using spring security to secure my app with the below configuration to try and display Spring default login page:

spring-security.xml 

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <intercept-url pattern="/**" access="ROLE_USER" />
    </http>

    <authentication-manager>
      <authentication-provider>
        <user-service>
        <user name="test.account" password="123456" authorities="ROLE_USER" />
        </user-service>
      </authentication-provider>
    </authentication-manager>

</beans:beans>

My problem is that all resources are succesfully authenticated excpet the Angular file (localhost:8080/#/notification) which is always open to public.

Edit 1 :

I've tried to run the above spring security configuration on Jetty server and it works great. The problem only appears when using Google AppEngine even after adding <sessions-enabled>true</sessions-enabled> to appengine-web.xml.

Thank you in advance.

1 answers

solution1
 1 ACCPTED  2014-08-18 09:40:52

I've been able to secure static files using Spring MVC on Google AppEngine using the <security-constraint> attribute of the web.xml file.

Example: 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Public Area</web-resource-name>
        <url-pattern>/xyz</url-pattern>
        <url-pattern>/images/*</url-pattern>
        <url-pattern>/yyz/*</url-pattern>
        <url-pattern>*.xml</url-pattern>
    </web-resource-collection>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Download secure page from controller, Spring security How to secure an included page with Spring security Can secure tabbed form with spring security How to secure URLs using Spring security? How can I secure my Spring Data Rest endpoints using Spring Security? Spring Boot and Security with custom AngularJS Login page Secure REST with Spring Security Spring RESTFul Webservice secure client call using Spring Security how to secure swagger-ui with basic auth using spring security Cannot secure HTML files using Spring-Security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM