Search code examples
reactjsspring-bootspring-boot-adminspring-boot-starter-security

Unable to Authenticate in Springboot Security through Reactjs

I am currently building an Application with Springboot on the back- and Reactjs on the frontend. The springboot security function very well. the backend runs on http://localhost:8080/ and Reactjs (frontend) on http://localhost:3000/. How can i get the default springboot loginpage on my Reactjs login Page.

here is my SecurityConfiguration class

@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
...
  @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.authorizeRequests()
               .antMatchers("/").permitAll()
               .antMatchers("/login/*").permitAll()
               .antMatchers("/createNewUser/*").hasAnyRole("Admin")
               .antMatchers("/deleteUser/*").hasAnyRole("Admin")
               .antMatchers("/test1/**").hasAnyRole("Admin","RegularUser")
               .antMatchers("/test5/**").hasAnyRole("Admin")
               .antMatchers("/test2/**").authenticated()
               .antMatchers("/test4/**").authenticated()
               //               .antMatchers("/test/**").hasAnyRole("ADMIN")
               .and().formLogin()
               .loginProcessingUrl("/login/process")
               .successHandler(customLoginSuccessHandler)
               .and().csrf().disable()
               .logout(logout -> logout
               .permitAll()
               .logoutUrl("/logout")
               .logoutSuccessHandler((request, response, authentication) -> {
                           response.setStatus(HttpServletResponse.SC_OK);
                       }
               ));
    }
}

For other URL not secured, i can access it on my React application with no problem. but when i call for example http://localhost:8080/test2/ in Reactjs with Axios i get a 403 error(acces forbiden). but on the browser when i call the same url i can authenticate myself and access the ressources needed. So to conclude the two application works perfectly but there is no connection between them.

Solution

  • I finally got an answer to my question by doing many researches. I needed to implement JWT(Json Web Token) and then get rid of, because the authentification is done through an Url

     .and().formLogin()
               .loginProcessingUrl("/login/process")
               .successHandler(customLoginSuccessHandler)
               .and().csrf().disable()
               .logout(logout -> logout
               .permitAll()
               .logoutUrl("/logout")
               .logoutSuccessHandler((request, response, authentication) -> {
                           response.setStatus(HttpServletResponse.SC_OK);
                       }
               ));