Demo samples for Angular JS with Spring Security blogs. All samples have the same basic functionality: a secure static, single-page application, which renders content from a secure backend JSON resource. Blogs are in READMEs of individual projects, and also on the Spring Blog. Also some summary slides here: http://presos.dsyer.com/decks/security-micro-clients.html (so far minimal).
Contents:
-
basic
: sample with HTTP Basic authentication, static HTML and an API resource all in the same server (blog). -
single
: adds form authentication, but static HTML and an API resource still in the same server (blog). -
vanilla
: form authentication and static HTML in one server ("ui") and an unprotected backend API resource in another ("resource") (blog). -
spring-session
: the same as "vanilla", but using Spring Session as an authentication token between the UI and the back end service (blog shared withvanilla
). -
proxy
: same as "vanilla", but with the UI acting as a reverse proxy for the backend (API Gateway pattern). CORS responses are not needed because all client requests go to the same server. Authentication for the backend could be overlaid using the "spring-session" approach (above) or using "oauth2" (below) (blog). -
oauth2-vanilla
: same as "proxy" but with OAuth2 SSO to the UI and OAuth2 resource server protection for the backend. The OAuth2 authorization server is no-frills (blog). -
oauth2
: same as "oauth2-vanilla" but JWT tokens (signed, encoded JSON, carrying information about the user and the token grant) and a nice UI with a login screen in the authorization server.