I have created Angular JS project which runs in node server under port 4200 & Spring boot based REST data service as separate project which runs in eclipse under 8080 port. REST services (RS) part uses OAuth based security & validates each request for access_token. This works perfectly fine as separate entity.
Now, I tried to build single WAR with angular compiled output in root folder of WAR & if i access application (by accessing any URL) - before Angular NG-router Spring boot security comes into picture & rejects the request for no OAuth validation.
@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers("/error").permitAll().anyRequest().authenticated();
http.csrf().disable();
http.headers().frameOptions().disable();
http.cors().configurationSource(new CorsConfigurationSource() {
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedHeaders(Collections.singletonList("*"));
config.setAllowedMethods(Collections.singletonList("*"));
config.addAllowedOrigin("*");
config.setAllowCredentials(true);
return config;
}
});
}
This is my security config file. Please advise whether two separate WAR into single module EAR will solve this problem.
Check out my repository
There is a project structure to generate a single war.
Edit: Maybe you need to create a proxy.conf.json file
{
"/api/*": {
"target": "http://localhost:8080",
"secure": false
}
}
And add it to your angular.json file in architect-serve-options-proxyConfig
Your Security configuration is authorizing every url pattern. if you want your static content loaded before calling API for authentication/authorization, exclude .js, .css, .html files from security config.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.