1

I have created Angular JS project which runs in node server under port 4200 & Spring boot based REST data service as separate project which runs in eclipse under 8080 port. REST services (RS) part uses OAuth based security & validates each request for access_token. This works perfectly fine as separate entity.

Now, I tried to build single WAR with angular compiled output in root folder of WAR & if i access application (by accessing any URL) - before Angular NG-router Spring boot security comes into picture & rejects the request for no OAuth validation.

@Override
public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**").authorizeRequests().antMatchers("/error").permitAll().anyRequest().authenticated();
    http.csrf().disable();
    http.headers().frameOptions().disable();
    http.cors().configurationSource(new CorsConfigurationSource() {

        @Override
        public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
            CorsConfiguration config = new CorsConfiguration();
            config.setAllowedHeaders(Collections.singletonList("*"));
            config.setAllowedMethods(Collections.singletonList("*"));
            config.addAllowedOrigin("*");
            config.setAllowCredentials(true);
            return config;
        }
    });
}

This is my security config file. Please advise whether two separate WAR into single module EAR will solve this problem.

Improve this question

2 Answers 2

Reset to default
1

Check out my repository

There is a project structure to generate a single war.

Edit: Maybe you need to create a proxy.conf.json file

{
     "/api/*": {
       "target": "http://localhost:8080",
       "secure": false
     }
}

And add it to your angular.json file in architect-serve-options-proxyConfig

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

hi, i tried your sample repository, but when i run it in jboss wildfly..page not found
0

Your Security configuration is authorizing every url pattern. if you want your static content loaded before calling API for authentication/authorization, exclude .js, .css, .html files from security config.

Improve this answer

1 Comment

I have skipped "/error" in above pattern with intent of authorizing any URL except "ERROR". but it is authorizing all URL request. please tell me what i have done wrong in configuration.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.