Dong Shin 12.05.2014

  • Web Development Using Spring and AngularJS Tutorials – very long and helpful!
    • Spring, Hibernate, Spring Security
    • grunt (watch), ng-boilerplate, ui-router(state changes), ngroute, ng-resource, build
    • getting the master example/tutorial to work – maven project!
      1. dependencies
        • <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.2.5.RELEASE</version>
          </dependency>
          <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.2.5.RELEASE</version>
          </dependency>
          <dependency>
            <groupId>org.aspectj</groupId>
            <artifactId>aspectjweaver</artifactId>
            <version>1.7.4</version>
          </dependency>
      2. add component scan to business-config.xml – tutorial.core.security
      3. create tutorial.core.security.SecurityWebAppInitializer class
      4. create tutorial.core.security.SecurityConfig class
        • @Configuration, @EnableWebSecurity
        • configAuthBuilder() – where the authentication happens!
      5. create tutorial.core.security.AuthFailure class to return response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)
      6. create tutorial.core.security.AuthSuccess class to return response.setStatus(HttpServletResponse.SC_OK)
      7. add AuthFailure and AuthSuccess to SecurityConfig (@Autowired)
      8. add configure() method to SecurityConfig – configuration
        • add AuthFailure and AuthSuccess
        • JSESSIONID will be added to client – expires after 30min
      9. tutorial.core.security.EntryPointUnauthorizedHandler class
        1. add commence method
      10. add EntryPointUnauthorizedHandler to SecurityConfig
      11. add AccountUserDetails and UserDetailServiceImpl classes and add to configAuthBuilder() method in SecurityConfig
      12. modify sessionService, LoginCtrl in account.js
      13. use SecurityContextHolder (AccountController class) to get current user details for further processing
        1. throw Forbidden exception
      14. whitelist access –
        • security:protect-pointcut in mvc-dispatcher-servlet.xml
        • @PreAuthorize("permitAll")
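
Steps 4 to 11 assembled into one configuration class, as an added example that is not the tutorial's or the author's code. Assumptions: the three handlers are nested here so the example fits one file (the notes create them as separate classes), the `/rest/accounts/**` pattern is a placeholder, and stored passwords are BCrypt hashes.

```java
package tutorial.core.security;

import javax.servlet.http.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.*;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.*;
import org.springframework.stereotype.Component;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired private AuthSuccess authSuccess;
    @Autowired private AuthFailure authFailure;
    @Autowired private EntryPointUnauthorizedHandler unauthorizedHandler;
    @Autowired private UserDetailsService userDetailsService; // UserDetailServiceImpl from step 11
    @Autowired
    public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception {
        // Assumption: the account store holds BCrypt hashes, never plain-text passwords.
        builder.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is on by default in Java config; the client must send the token.
        http.exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
            .and().formLogin().successHandler(authSuccess).failureHandler(authFailure)
            .and().authorizeRequests().antMatchers("/rest/accounts/**").authenticated() // placeholder
            .anyRequest().permitAll();
    }
    @Component public static class AuthSuccess implements AuthenticationSuccessHandler {
        public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse res, Authentication auth) {
            res.setStatus(HttpServletResponse.SC_OK); // 200 for the AngularJS client, no redirect
        }
    }
    @Component public static class AuthFailure implements AuthenticationFailureHandler {
        public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse res, AuthenticationException ex) {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401 on bad credentials
        }
    }
    @Component public static class EntryPointUnauthorizedHandler implements AuthenticationEntryPoint {
        public void commence(HttpServletRequest req, HttpServletResponse res, AuthenticationException ex) {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401 instead of a login-page redirect
        }
    }
}
```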