TardigradeX
commented
9 years ago @hantsy I also wasnt able to add plants as an admin. But when I commented out the Stateless setting It worked.
@ghillert First thanks for this example app, it was the first I found which shows an easy way to combine Spring Security and Angular. But there is a problem with the Security Config. Im not able to access /api/plants/\ with a POST Request even if im logged in as Admin. Log of HTTP Traffic:
POST http://localhost:9900/authenticate [HTTP/1.1 200 OK 75ms] "got user:" Object { username: "admin", roles: Object, token: "663a0799-c4da-4bd2-b6a1-c7f5dbdaefea", $promise: Object, $resolved: true, isAuthenticated: true } vendor.9e0d18d7.js:5 GET http://localhost:9900/views/add-plant.html [HTTP/1.1 200 OK 9ms] POST http://localhost:9900/api/plants [HTTP/1.1 403 Forbidden 17ms]
The only way I got it working is by removing STATELESS setting and use the default. Im just a novice related to spring security, but I assume that by settiing session managment to stateless no session will be created or used by Spring Security. Therefor the Spring Session Managment which is coupled to the Redis SessionRepository has no effect. For now I will just remove the Stateless setting and it will work. If I have time it will be more reasonable to implement a CustomToken Authentication filter as shown in this tutorial http://javattitude.com/2014/06/07/spring-security-custom-token-based-rest-authentication/.
hantsy
I am trying to adopt Spring Session in my new project, and I have explored the sample codes of Spring session, and this project is also a good example for me.
But security configuration did not work.
I used the similar configuration with this project.. the exception is I am not using Spring boot currently. I got a 403 status for protected resources. When I removed the "STATELESS" settings, and used the default IF_REQUIRED, got some info like Session id XXXXXX is invalid in
SessionMangeFilter, finally it raised a 403 error.I tried to find some difference from your codes, and expect some lucky there. But got the same error in the console when I was trying to add some plants.
2014-09-30 16:52:26.199 INFO 8224 --- [nio-9900-exec-8] o.s.b.a.audit.listener. AuditListener : AuditEvent [timestamp=Tue Sep 30 16:52:26 CST 2014, principa l=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.secu rity.access.AccessDeniedException, message=Access is denied}]