Securing the backend
We have implemented CRUD functionalities in our frontend using an unsecured backend. Now, it is time to switch on security for our backend and go back to the version that we created in Chapter 5, Securing and Testing Your Backend:
- Open your backend project with the Eclipse IDE and open the SecurityConfig.java file in the editor view. We commented out the security configuration and allowed everyone access to all endpoints. Now, we can remove that line and uncomment the original version. The configure method of your SecurityConfig.java file should now look like the following:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // CSRF protection is disabled and CORS is enabled
      http.csrf().disable().cors().and()
        // Stateless: Spring Security never creates an HTTP session
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        // POST requests to /login are open to everyone
        .antMatchers(HttpMethod.POST, "/login").permitAll()
        .anyRequest...
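One way to confirm that the permit-all line has not crept back in is a regression test. This is an added example, not code from the book. It assumes Spring Boot 2.x with spring-boot-starter-test (JUnit 5), that the truncated rule above requires authentication for every other request, and a hypothetical protected path `/api/cars`:

```java
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpMethod;
import org.springframework.test.web.servlet.MockMvc;

// Loads the full application context, so the real SecurityConfig is applied.
@SpringBootTest
@AutoConfigureMockMvc
class SecurityEnabledTest {

    // Hypothetical protected resource; replace it with a real endpoint of your backend.
    private static final String PROTECTED_PATH = "/api/cars";

    @Autowired
    private MockMvc mockMvc;

    @Test
    void crudRequestsWithoutCredentialsAreRejected() throws Exception {
        // One request per CRUD verb, each sent without any credentials.
        HttpMethod[] methods = {
            HttpMethod.GET, HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE
        };
        for (HttpMethod method : methods) {
            int status = mockMvc.perform(request(method, PROTECTED_PATH))
                    .andReturn().getResponse().getStatus();
            // 401 or 403 means the security filter chain stopped the request.
            // Any other status (200, 404, 405) means the request got past it.
            assertTrue(status == 401 || status == 403,
                    method + " " + PROTECTED_PATH + " returned " + status);
        }
    }
}
```

The test fails for every verb while the permit-all configuration is active, because unauthenticated requests then reach the controllers.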