Note
|
All JavaScript REST calls should be accept application/json |
Authenticate with [email protected] / password
Note
|
All JavaScript REST calls should be accept application/json |
Authenticate with [email protected] / password
We should have tests accessing the application before security exists. When we add security, we will need to fix those tests
We already have a formLogin().permitAll()
cc @jgrandja
Rather than @RequestMapping(method = RequestMethod.POST)
we can use @PostMapping
. There are other similar updates we can make too
This requires all JS to be self hosted
cc @jgrandja
Hi:
The current build.gradle will import jackson-databind-2.9.0 jar which causes springboot's staring up failure for reason of java.lang.NoClassDefFoundError: com/fasterxml/jackson/annotation/JsonMerge.
After modifying the build.gradle's dependencies as following , spring boot starts up successfully.
dependencies {
compile ".............
..............
"javax.servlet:jstl"
compile "com.fasterxml.jackson.core:jackson-databind:2.8.7"
compile ('com.maxmind.geoip2:geoip2:2.7.0'){
exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
}
Another way to learn:
The netbeans 8.2 tested maven version of presentation branch is post here -https://github.com/mingqin1/spring-security-4.1-and-beyond/tree/presentation . The maven converted codes serve the purpose of encourage of learning . All the credits go to Rob Winch, Joe Grandja
Our tests should be more focused. For example, we should not need to authenticate to delete Joe's messages. The test is deleting the messages...not authenticating as Joe. Instead, we should leverage @WithMockUser
, with(csrf())
, etc.
We can add additional tests that are specific to does CSRF work with cookies, does authentication work, etc.
To demonstrate CORS we need to split into two different apps. We should have it setup this way before we add security since CORS is really a Spring MVC application.
Requires change to Spring Security's LogoutConfigurer
See https://spring.io/blog/2013/07/11/spring-security-java-config-preview-readability/
If a save is attempted and validation fails we should give meaningful error messages
Right now the default page doesn't load anything. See http://localhost:8080/
We should load the inbox instead of a blank page.
We should either remove spring-data-rest or the controllers that handle the REST calls. If we remove spring-data-rest, I believe we can remove WorkAroundsConfig
We should allow access to the home page and deny access to any rest resources. The processing of the rest resource should trigger a 401 which should trigger the authentication dialog to pop up. This demonstrates the content negotiation within Spring Security
This is similar to https://github.com/rwinch/spring-state-securing-restful-apis/blob/master/messages-session/src/main/java/sample/config/SecurityConfig.java#L28
The beginning of the application should not use a custom userdetailservice, but one is present
I was not able to run the rest application using
gradle bootRun I am getting following error.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.