Spring Boot and Security with custom AngularJS Login page
Try adding WebSecuritConfigAdapter
@Configuration@EnableWebSecurity@EnableGlobalMethodSecuritypublic class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity .authorizeRequests() .antMatchers("/**").permitAll() .anyRequest().authenticated(); }}
There is one thing worng with login.js that it invokes authenticate()
which calls /user and you get a redirect to GET /login/. Spring looks for login.jsp which is not there and end up with 404 Not Found.
You can make it work by taking following steps:
1) Remove invocation of authenticate()
from line 38 in login.js
2) Add login processing URL like:
http. formLogin(). loginProcessingUrl("/perform_login"). and(). logout() ....
3) Change your login URL to 'perform_login' like:
$http.post('perform_login', data2, { headers : { 'Content-Type': 'application/x-www-form-urlencoded' } })....
and it works, you get the user.
Refer to http://www.baeldung.com/spring-security-login for spring security config.
This kind of error is most likely a Spring Security configuration problem.
when i read your spring security, 'loginPage' is commented.
Also your :
antMatchers("/index.html", "/home/**", "/login/**", "/bower_components/**", "/", "/main.js", "/login/", "/navigation/**","/login","login/","/login.html")
Seems weird to me.
antMatchers("/index.html", "/home**", "/login**", "/bower_components**", "/main.js", "/navigation**")
Should be fine.
And i'm not very fond of Angular, but your authenticate() method is called (just after it's definition) and it does a GET on 'user' which is not in your 'permitAll' matcher.
So consider doing this differently.Wether you add the matcher, which is not a good practice to permit user data free access.Or get the user info after you authenticate.
Cheers