Comments (4)
OK, seems that this is not related to a CORS problem - it is more an authorization problem! The host is protected by Spring Security, so the socket listener cannot access it (401 error):
Actually, I would like to go through Zuul. Everything is working fine there now. But Zuul does not seem to have WebSocket proxy abilities.
UI Server
```java
@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Sso
@EnableDiscoveryClient
public class SaCenterApplication extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(SaCenterApplication.class, args);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**").authorizeRequests()
            .antMatchers("/index.html", "/home.html", "/").permitAll().anyRequest()
            .authenticated().and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                    HttpServletResponse response, FilterChain filterChain)
                    throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request
                        .getAttribute(CsrfToken.class.getName());
                if (csrf != null) {
                    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                    String token = csrf.getToken();
                    if (cookie == null
                            || token != null && !token.equals(cookie.getValue())) {
                        cookie = new Cookie("XSRF-TOKEN", token);
                        cookie.setPath("/");
                        response.addCookie(cookie);
                    }
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }
}
```
Authorization Server
```java
@SpringBootApplication
@Configuration
@RestController
@EnableDiscoveryClient
@EnableResourceServer
@EnableAutoConfiguration
@EnableAuthorizationServer
public class SaAuthApplication {

    @Autowired
    private DataSource dataSource;

    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    public static void main(String[] args) {
        SpringApplication.run(SaAuthApplication.class, args);
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServer extends ResourceServerConfigurerAdapter {

        @Autowired
        private TokenStore tokenStore;

        @Override
        public void configure(ResourceServerSecurityConfigurer resources)
                throws Exception {
            resources.tokenStore(tokenStore);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().authenticated();
        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager auth;

        @Autowired
        private DataSource dataSource;

        private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

        @Bean
        public JdbcTokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        @Bean
        protected AuthorizationCodeServices authorizationCodeServices() {
            return new JdbcAuthorizationCodeServices(dataSource);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security)
                throws Exception {
            security.passwordEncoder(passwordEncoder);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints.authorizationCodeServices(authorizationCodeServices())
                    .authenticationManager(auth).tokenStore(tokenStore())
                    .approvalStoreDisabled();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // @formatter:off
            clients.jdbc(dataSource)
                    .passwordEncoder(passwordEncoder)
                .withClient("my-trusted-client")
                    .authorizedGrantTypes("password", "authorization_code",
                            "refresh_token", "implicit")
                    .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                    .scopes("read", "write", "trust")
                    .resourceIds("oauth2-resource")
                    .accessTokenValiditySeconds(600).and()
                .withClient("my-client-with-registered-redirect")
                    .authorizedGrantTypes("authorization_code")
                    .authorities("ROLE_CLIENT").scopes("read", "trust")
                    .resourceIds("oauth2-resource")
                    .redirectUris("http://anywhere?key=value").and()
                .withClient("my-client-with-secret")
                    .authorizedGrantTypes("client_credentials", "password")
                    .authorities("ROLE_CLIENT").scopes("read")
                    .resourceIds("oauth2-resource").secret("secret");
            // @formatter:on
        }
    }

    @Autowired
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        // @formatter:off
        auth.jdbcAuthentication().dataSource(dataSource).withUser("dave")
                .password("secret").roles("USER");
        // @formatter:on
    }
}
```
Resource Server
```java
@SpringBootApplication
@EnableDiscoveryClient
@EnableResourceServer
public class SaEmployeeApplication {

    public static void main(String[] args) {
        SpringApplication.run(SaEmployeeApplication.class, args);
    }
}
```
from tut-react-and-spring-data-rest.
That may be a bit out of scope for what we want to cover in this tutorial.
Have you looked at https://spring.io/guides/tutorials/spring-security-and-angular-js/? I realize it's Angular and you are using React, but they cover a lot of stuff you are alluding to, such as Spring Security, Zuul, and OAuth2. You might want to skim over it and see if it addresses the issues you are interested in tackling.
from tut-react-and-spring-data-rest.
OK. @gregturn if you need ideas for a new tutorial, I have a lot of them ;-)
from tut-react-and-spring-data-rest.
My desire for new tutorials is hedged by my ability to maintain them. ;)
from tut-react-and-spring-data-rest.