Add Spring Security

[trevorosborne1989]

• Add everything the UI needs for the Login component.
• Update database to accommodate authorized users.

[trevorosborne1989]

• Follow this guide for the service. spring security with jbdc
• Update your sql loading data to reflect username and password.

• Look at the controllers and the security annotations to learn more about the use.

• This link helped you setup your SecurityConfiguration.java Spring Security
• Get rid of CORS issue. You are now POSTing to the spring security endpoint you configured in the above java class. I believe that compares against the database and sets a cookie. You also have it set to upon success to route you to the admin dashboard console. You should also render the tab icon for admin to be visible depending on a conditional true/false piece of state that can be delivered from Spring Security once authentication passes successfully.
• You have routing configured in app.jsx

[trevorosborne1989]

• You are now at a CORS issue. It was an issue with other endpoints after adding security but your updates to CORSConfig changed that.
• After fixing this, it should be that after UI posts to the unique spring security url, spring security in your app show use the loadbyusername to see if the user exists in my db and then validate the db stored password with what user provided in the form. After authentication, I believe it will create a user entity in the service that will allow access to certain endpoints if they were restricted to this user's role. Also, I think an object will be returned to the ui after a successful authentication that can be used in your conditional renderings.

[trevorosborne1989]

• CORS issue fixed. You know how to use Spring Security for endpoints and you can look at saved documentation to set role access to specific endpoints.
• Now figure out how to get login working and load a user object to cookies or whatever.
• Check this out Spring Security docs

[trevorosborne1989]

• User object is successfully created in userdetailsserviceimpl when observed via logging.
• The question online you should be asking might have to do with the returned 302 which directly applies to using the /login endpoint that begins authentication processing. Its perhaps some kind of redirect issue but you removed that in your service and handle redirection in your UI as suggested online.
• It seams your service is working properly and accepts the params from your ui and generates the user object. But the returned responses back to my browser get messed up.

[trevorosborne1989]

Check this youtube out click here

• I put proxy in package.json.
• I removed some of the localhost url in the ui service file and got a not found error fro login but no CORS issue. I did the same for another endpoint and that url was found back in the service and worked fine. Continue watching the video and the others to find out more.

[trevorosborne1989]

• Watched this video which had me move the CorsConfigurationSource Bean to SecurityConfiguration instead of CorsConfig where I have EnableWebSecurity annotated. I also added a cors chained config. No longer seeing CORS issue but now a 302 and then a 404 not found.
• Perhaps watch the other videos as this pinpoints the CORS & spring security issue you are having or ask new questions regarding receiving a 302 then 404 with Spring Security.

[trevorosborne1989]

• Check logging trace and ask new questions.

[trevorosborne1989]

• username and password not being sent in frontend headers as indicated by new tracing level in service. Check axios docs to see how to set headers with authentication.
• axios authentication

[trevorosborne1989]

Working with cookies in react. Look at this website

Also, check more about Cookies api here.

• Mess around and see what data you can take from the set cookie and use as a conditional to access certain pages. You can already limit the service endpoints easily on the server side. Page navigation will be done on the ui using the cookie.

• I'm not sure what data user wise you can pull from the cookie but I think you really only need to verify the condition if a cookie is set or not. Just having one set indicates this user has full access for nchandi business logic. They should be able to access every page in the ui conditionals. You can secure endpoints in the service if you like with the example you already have.

• Add a logout button.

[trevorosborne1989]

Spring is setting SecurityContextHolder to authenticated then back to anonymous, so when I go to retrieve details its null. Ask this question.

[trevorosborne1989]

• Put logout button in the admin container on the bottom left inside the left tab area. That way you can use history and its more relevant here anyways. This will delete all cookies I believe as it is configured in SecurityConfig in the service. Then do a history redirect back to login form. I would also use the cookie isAdmin as a conditional to gray out and disable the Admin navbar selection or make it enabled once authenticated for easy navigation between admin portal and public facing portal.