I am developing a web application using AngularJS and Spring (4.1.0.RELEASE) as a backend. Everything is working fine now. Now that the functionality is complete, I would like to add Spring Security (3.2.5.RELEASE) to the project, both for authentication and for authorization of all requests. Since I use Angular, all my views are static and are never displayed by the server. Therefore, a typical Spring security installation (using jsp to login) will not work. I looked at a lot of examples, and none of them matched my needs. I do not want to use any external frameworks such as Jersey to help with authentication or any views viewed by the server, for example. JSPs.
When I enable Spring Security, my GET requests still work fine, but my POST requests, such as my login requests, no longer work and return a 404 error. The controllers are correctly mapped and the URLs are valid, so I know that he should have something to do with Spring Security, intercepting the request and invalidating it. I'm not sure why this is so, but I think this may have something to do with queries that don't have proper headers and Spring CSRF protection. I do not want to disable this protection. My question is, how can I identify a custom login URL with Spring Security that will authenticate my POST login request, and then send all the headers needed to enable future authenticated requests?
EDIT: I got the url to work. Is there a way to extract a CSRF token from an ajax call? My views are all static, and the server first gets into the login request, so there is no jsps and there is no way to get the csrf token from the server through jsp tag libraries. The first answer assumes we are on jsp, which is not the case. Is there a way to enable CSRF protection, or do I need to disable it and do my own request validation?
holtc source
share