You can use the JSON Web Token standard as a part of your authentication and authorisation solution in a project built with Spring Boot and Angular. Check out this post to learn how to apply Spring Security, AuthGuard and JWT to your apps.
The goal is to secure a multi-module application, written in Java 11 with Spring Boot for the backend and Angular for the frontend. The project can be built into a single jar file using Maven but we can also run the Angular app separately during development with the $ ng serve command.
The finished project is available in the GitHub repository – little-pinecone/jwt-spring-boot-angular-scaffolding.
You can see the final directory tree for the project on the image below:
The structure of the backend and frontend modules will be presented in the corresponding sections.
| I try to keep the project up to date. Visit the releases list to keep track of the current versions of frameworks and libraries used. |
Spring Boot 2.1.1 project with the Web and H2 dependencies. You can read about setting up this project with Spring Initializr in How to create a new Spring Boot Project.Angular 7:
$ ng --version Angular CLI: 7.1.4 Node: 10.15.0 OS: linux x64 Angular: ... Package Version ------------------------------------------------------ @angular-devkit/architect 0.11.4 @angular-devkit/core 7.1.4 @angular-devkit/schematics 7.1.4 @schematics/angular 7.1.4 @schematics/update 0.11.4 rxjs 6.3.3 typescript 3.1.6
Java 11 – In case of problems with building an app, the Debugging the “Fatal error compiling: invalid target release: 11” issue. How to switch your development environment and IntelliJ settings to Java 11 post may help you find the reason.
$ java -version openjdk version "11" 2018-09-25 OpenJDK Runtime Environment 18.9 (build 11+28) OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)
$ lsb_release -a Distributor ID: Ubuntu Description: Ubuntu 18.04.1 LTS Release: 18.04 Codename: bionic
We will start with an application having:
If you want to learn how to build a similar multi module application, check out the Integrate Angular with a Spring Boot project post.
Our starting point is marked by the 0.1.1 tag in the repository. From here we are beginning our work to secure the application.
This app serves two pages – one for the login form:
the second one for displaying cookies taken from the API:
| We don’t want to show our treats to everyone, so we will apply the login/logout functionality to the project. |
In our Cookie dispenser app we have the Cross-Origin Resource Sharing already configured to allow calling the API and obtaining the Authorization header:
// jwt-spring-boot-angular-scaffolding/backend/src/main/java/in/keepgrowing/jwtspringbootangularscaffolding/config/DevCorsConfiguration.java
…
@Configuration
@Profile("development")
public class DevCorsConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**")
.allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
.exposedHeaders("Authorization");
}
}
We need this configuration activated only on the development environment to run frontend on the default http://localhost:4200/. We don’t want to be forced to rebuild the whole app only to see the changes made solely in the frontend part.
The CORS config is not needed on the production environment as the project is build into a single jar file and the whole app is served from the same origin.
In our Cookie dispenser app Spring Boot already surrenders routing control to Angular:
// in.keepgrowing.jwtspringbootangularscaffolding.config/MvcConfiguration
…
@Configuration
public class MvcConfiguration implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**")
.addResourceLocations("classpath:/static/")
.resourceChain(true)
.addResolver(new PathResourceResolver() {
@Override
protected Resource getResource(String resourcePath, Resource location) throws IOException {
Resource requestedResource = location.createRelative(resourcePath);
return requestedResource.exists() && requestedResource.isReadable() ? requestedResource
: new ClassPathResource("/static/index.html");
}
});
}
…
If you are building a project on your own, remember to implement this feature. Check out the Make Spring Boot surrender routing control to Angular post to learn more.
Check out the Securing your Spring Boot and Angular app with JWT #2 – Backend post to see how to:
Check out the Securing your Spring Boot and Angular app with JWT #3 – Frontend post to see how to:
If you want to see a similar project build with Spring Boot 2.1.2, Angular 7 and Java 11 check out the repository of Scrum_ally – an app for project management.
Photo by Dhyamis Kleber on StockSnap
Spring Security allows us to use role-based control to restrict access to API resources. However,…
A custom annotation in Spring Boot tests is an easy and flexible way to provide…
Delegating user management to Keycloak allows us to better focus on meeting the business needs…
Swagger offers various methods to authorize requests to our Keycloak secured API. I'll show you…
Configuring our Spring Boot API to use Keycloak as an authentication and authorization server can…
Keycloak provides simple integration with Spring applications. As a result, we can easily configure our…
View Comments
very good
I get 403 response when i try to create a user via Postman.I dont know what i'm doing wrong. I use the latest release:https://github.com/little-pinecone/jwt-spring-boot-angular-scaffolding/releases/tag/v1.2.1Any help is greatly appreciated.
NVM I'm stupid, i didn't set my profile. Keep up the good work!