A Problem while deploying Spring Boot + Angular application

Hi,

I created an Angular application with a Spring Boot backend, currently I work locally by running the server on Intellij and the angular App with "ng serve",
I want to deploy my app to Heroku.

I searched on the internet, and I saw that one of the first steps to do that is to build the Angular app and copy the "dist" content to "src/main/resources/static" .

I copied the content, then tried to run the server (still working locally) and access the app from the browser at this address :   "http://localhost:3000/"    (I defined 3000 as the Spring Boot app port).

Unfortunately, I am not seeing my Angular app, what I am seeing is the "Whitelabel Error Page"

This application has no explicit mapping for /error, so you are seeing this as a fallback.
Sat Nov 09 17:26:21 IST 2019
There was an unexpected error (type=Forbidden, status=403).
Access Denied

I assume that I am getting "access denied" error because I have a "JWTAuthorizationFilter" on my API - consumers of the API must provide a valid json web token in the request header.

But my question is:   What should I do in order to cause the "http://localhost:3000/" return the Angular App and not access the API, what am I missing here?

My App has two controllers (@RestController) , that have a couple of GET\POST\DELETE\PUT requests.

And I configured a JWTAuthenticationFilter and JWTAuthorizationFilter:

public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {    private AuthenticationManager authenticationManager;    private ApplicationUserRepository applicationUserRepository;    public JWTAuthenticationFilter(AuthenticationManager authenticationManager,                                   ApplicationUserRepository applicationUserRepository) {        this.authenticationManager = authenticationManager;        this.applicationUserRepository = applicationUserRepository;    }    @Override    public Authentication attemptAuthentication(HttpServletRequest req,                                                HttpServletResponse res) throws AuthenticationException {        try {            User creds = new ObjectMapper()                    .readValue(req.getInputStream(), User.class);            return authenticationManager.authenticate(                    new UsernamePasswordAuthenticationToken(                            creds.getUsername(),                            creds.getPassword(),                            new ArrayList<>())            );        } catch (IOException e) {            throw new RuntimeException(e);        }    }    @Override    protected void successfulAuthentication(HttpServletRequest req,                                            HttpServletResponse res,                                            FilterChain chain,                                            Authentication auth) throws IOException, ServletException {        String username = ((org.springframework.security.core.userdetails.User) auth.getPrincipal()).getUsername();        String token = JWT.create()                .withSubject(this.buildTokenSubject(username))                .withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))                .sign(HMAC512(SECRET.getBytes()));        res.setHeader("Access-Control-Expose-Headers","Authorization");        res.setHeader(HEADER_STRING, TOKEN_PREFIX + token);    }    private String buildTokenSubject(String username){        User user = this.applicationUserRepository.findByUsername(username);        JSONObject jsonUser = new JSONObject();        jsonUser.put("id", user.getId());        jsonUser.put("username", username);        return jsonUser.toString();    } }


public class JWTAuthorizationFilter extends BasicAuthenticationFilter {    public JWTAuthorizationFilter(AuthenticationManager authManager) {        super(authManager);    }    @Override    protected void doFilterInternal(HttpServletRequest req,                                    HttpServletResponse res,                                    FilterChain chain) throws IOException,                                                              ServletException {        String header = req.getHeader(HEADER_STRING);        if (header == null || !header.startsWith(TOKEN_PREFIX)) {            chain.doFilter(req, res);            return;        }        UsernamePasswordAuthenticationToken authentication = getAuthentication(req);        SecurityContextHolder.getContext().setAuthentication(authentication);        res.setHeader("Access-Control-Expose-Headers","Authorization");        chain.doFilter(req, res);    }    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {        String token = request.getHeader(HEADER_STRING);        if (token != null) {            // parse the token.            String user = JWT.require(Algorithm.HMAC512(SECRET.getBytes()))                    .build()                    .verify(token.replace(TOKEN_PREFIX, ""))                    .getSubject();            if (user != null) {                return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());            }            return null;        }        return null;    } }


I still don't understand how the separation between the angular application and the Spring Rest API is expressed in the Java spring project deployment.

Can you please help me fix this issue, or guide me where can I find an explaination about this ?

if you bundle the angular app with the spring boot app you would want to put some execution info in maven pom file.

If the angular app is just hanging out in the static area you would need to make the url path to your static files accessible without logging in.

Al Hobbs wrote:if you bundle the angular app with the spring boot app you would want to put some execution info in maven pom file.

If the angular app is just hanging out in the static area you would need to make the url path to your static files accessible without logging in.

Hi,
Yes you are right, I need to make the URL path to the static files accessible without logging in. And I found the way to do it:

The problem was that all the requests were authenticated in the "WebSecurityConfigurerAdapter":

   @Override    protected void configure(HttpSecurity http) throws Exception {        http.cors().and().csrf().disable().authorizeRequests()                .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()                .anyRequest().authenticated()                .and()                .addFilter(new JWTAuthenticationFilter(authenticationManager()))                .addFilter(new JWTAuthorizationFilter(authenticationManager()))                // this disables session creation on Spring Security                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);    }

So I had to replace the ".anyRequest().authenticated()" with ".antMatchers( "/api/**").authenticated()" in order to authenticate only the API (all of my API requests starts with /api/v1/).


Thanks.