philipsorst / angular-rest-springsecurity Goto Github PK

Hi,

While analyzing some design rules with design tests for persistent classes, I discovered that 91% of a sample of 40 projects from GitHub don't follow the rule about the implementation of the equals/hashCode methods.

These rules are in the documentation of Hibernate (subsection 2.1.5 chapter 2). The first one states that the equals/hashCode methods must be implemented and the second one that their implementation must not access the identifying property. 66% of the projects violate the first rule and 25% violate the second one.

How do you use the framework Hibernate / JPA. I would like to ask two questions:

Do you think these software projects have latent bugs caused by the design rules violations or is the rule unnecessary?

Did your development team discusses about the recommendations for use of Hibernate / JPA?

There are also other rules that they aren't being followed. For more details about the experiment with others results, access: http://tacianosilva.github.io/designtests

Thanks in advance!

Hi Phil,

I went through this project and found very useful for securing restapi. Thanks for sharing and putting it together. Could you please guide me how to write invalidate rest end point for logout the session.

--Sandeep

Hi,

After login I can see user->Logout menu in top-right side. When I refresh the page the menu disappears. How can I solve it?

Thank you

P.S. Probably it may be solved by
$rootScope.user = user;
after getting user from the cookie, app.js, line 89

Hi, I want to say this project is really good and it illuminates on how back-end Spring Security supports token based authentication.

But I want to ask, in the "AuthenticationTokenProcessingFilter", there is a line:

authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));

It seems this line is to load the Session info for current request for the server side. However, as we all know, this project relies on token based authentication, and hence loading the session in the server is no use any more (I guess loading the session here is essential if we use the traditional session_id authentication).

And if I remove this line from the source and run this project, the authentication works normal, good as well.

So I just want to clarify the use of this line here.

The project is not updated for long, but I think this project illuminates much about token based authentication in Spring Java, which rare projects in Github cover and explain clearly like this one, so I am very thankful, and I am digging into this project.

Anyone helps on this? Thank you!

I couldn't run the application since i was using java 13 . So i searched for the solution .

I found it on the first answer in the website : https://stackoverflow.com/questions/57548038/error-creating-bean-with-name-entitymanagerfactory-not-fixed-by-javaxb-or-hibe

The code works well , Thank's .

So just add the comment in case people are using java >= 11

Congrats on the excellent work!! What about registration through email, Forgot Password, Forgot Username with also email notifications? This will be a great enhancement. What about branches with other types of databases such as Mongo and Neo4J. I got LDAP security working, if you are interested. Finally I believe its time to have another branch with noXML Java configuration and Spring Boot.

I have to update JDK 7 to 8. For this need to update spring frame work 3 to 4 as well security.
I have update all spring jar to 4.0.0.RELEASE but can't login.

Thank for help.

Preauth Documentation

thank you for this wonderfull application

if I want to work with real database, can you show me the database sturctur please

I want to create dynamic role. For that need to save intercept url "<security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('USER')" />" in MySql DB then load it for DB.

Is it possible ?

Thanks for your help once again.

Hi,
Thanks for this tutorial,

when run this project inside eclipse IDE the edit and delete links disappear.

Can you please tell me where is the start point of this project, I looked for a welcome file or a default controller, but could not understand how this rest project start.
thanks, your help is appreciated.

When loading or refresh any page there are AngularJS expressions is appear for a second. See the screenshot:

I like your example a lot and I reworked it a little bit and moved it to Spring Boot and emphasized Java configuration wherever possible.

The revised example is here:

https://github.com/joshlong/boot-examples/tree/master/x-auth-security

However, i just realized i don't know what your license is. I'm hoping to share the revised example with others.

Is it ok if i license my fork of your code as Apache 2 licensed? Also, would you have any interest in accepting my changes back your example so that way I can just link to yours instead? I can update it to catch up w/ your recent changes (including accommodating a database, for example). Please ping me at [email protected] and thanks in advance!

angular.js:68 Uncaught Error: [$injector:modulerr] Failed to instantiate module exampleApp due to:
Error: [$injector:nomod] Module 'exampleApp' is not available! You either misspelled the module name or forgot to load it. If registering a module ensure that you specify the dependencies as the second argument.
http://errors.angularjs.org/1.4.2/$injector/nomod?p0=exampleApp
at https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:68:12
at https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:1958:17
at ensure (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:1882:38)
at module (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:1956:14)
at https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:4364:22
at forEach (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:336:20)
at loadModules (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:4348:5)
at createInjector (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:4274:11)
at doBootstrap (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:1630:20)
at bootstrap (https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular.js:1651:12)
http://errors.angularjs.org/1.4.2/$injector/modulerr?p0=exampleApp&p1=Error….googleapis.com%2Fajax%2Flibs%2Fangularjs%2F1.4.2%2Fangular.js%3A1651%3A12)(anonymous function) @ angular.js:68(anonymous function) @ angular.js:4387forEach @ angular.js:336loadModules @ angular.js:4348createInjector @ angular.js:4274doBootstrap @ angular.js:1630bootstrap @ angular.js:1651angularInit @ angular.js:1545(anonymous function) @ angular.js:28361fire @ jquery.js:3099self.fireWith @ jquery.js:3211jQuery.extend.ready @ jquery.js:3417completed @ jquery.js:3433

Hi,

Tanks for you work.

Can you tell us more about how to contact (only) your REST back end with Postman (example).
What url do we have to enter ?
For a local test, is it this one : http://localhost:8080/angular-rest-springsecurity/rest/user/authenticate ?

What type of authentication do we have to choose within the client ?

What's the scenario you have in mind ?

Best regards !

Thank you for a very good tutorial.

What about Spring 4 annotations config integration?

Thank you.

I believe line 58 in UserResource should be

roles.put(authority.getAuthority(), Boolean.TRUE);

Hi,

I've been checking out your example and it has helped me understand the technology used a lot better.

I have found one issue however:

The LoginService definition is as follows:

services.factory('LoginService', function($resource) {
    return $resource('rest/user/:action', {},
            {
                authenticate: {
                    method: 'POST',
                    params: {'action' : 'authenticate'},
                    headers : {'Content-Type': 'application/x-www-form-urlencoded'}
                },
            }
        );
});

However, the Content-Type header here does not seem to be working. When I look at the actual headers sent over the wire, a different header is sent:

POST /angular/rest/user/authenticate HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 27
Accept: application/json, text/plain, */*
Origin: http://localhost:8080
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://localhost:8080/angular/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6

In your application this is not an issue as you use JAXRS annotated resources. However, we are using Spring MVC @controllers, which require 'application/x-www-form-urlencoded' as Content-Type in order to bind the POST body to @RequestParams.

I think this is an issue in ngResource, I thought I would just let you know this is occurring.

I cloned the latest source today and it all seems to work when I start it with "mvn jetty:run". However, when I go to http://localhost:8080, it either hangs (nothing loads) or the following error gets rendered:

GET on partials/login.html failed with status 0

On OS X Mavericks with Java 7 and Maven 3.1.0.

Hi Philip

My name is Farid. I'm a developer with great interest in making open source contributions to popular projects.

My company - DevFactory - is sponsoring me to improve unit test coverage in open source projects.

I have analyzed angular-rest-springsecurity and observed that there is room for improvement of coverage. The results indicate that the project has:

Coverage: 0%, Total Lines: 736

If you are interested in having us work towards improving the project’s coverage to 80%, please let me know and we will add it to our pipeline. Our first step will be to create a pull request with a sample. Once you approve it, we'll follow up with one or two more pull requests. Our target is to increase code coverage to above 80 percent.

For an example of our work, please see these Pull Requests accepted by the community:

• oblac/jodd#264
• iluwatar/java-design-patterns#294

I'm looking forward to your confirmation.

Thank you,
Mohd Farid
Open Source Code Coverage Team
DevFactory

The authentication don't want to work via http proxy.
Looks like the proxy servers cut X-Auth-Token header.
Can you take a look?