These are chat archives for spring-guides/tut-spring-security-and-angular-js

24th
Nov 2015
Fairuz Wan Ismail
@wmfairuz
Nov 24 2015 02:51
Hi. Does this project support JWT tokens?
Dave Syer
@dsyer
Nov 24 2015 06:49
@wmfairuz this project is just a tutorial on how to use angular and spring security. There is one sample app that happens to use JWTs.
@ccit-spence I don't think there is a "yes" or "no" answer to that question. One of the early samples suggests that network security might be adequate. But it's really situational.
ccit-spence
@ccit-spence
Nov 24 2015 06:53
@dsyer thanks, that is kind of what I thought. I have no reason to expose the API to the outside world. If the firewall is hacked, we have bigger problems anyways.
Fairuz Wan Ismail
@wmfairuz
Nov 24 2015 06:54
Dave Syer
@dsyer
Nov 24 2015 06:57
Yes
Fairuz Wan Ismail
@wmfairuz
Nov 24 2015 08:05
@dsyer Great project / tutorial! Maybe you receive this kind of question a lot, but I still need to ask. Let's say I leverage a microservice architecture where I only expose my API gateway (Zuul in this case) to the outside world. Do we still need to protect our microservices' API with this kind of architecture choice? Thanks
Dave Syer
@dsyer
Nov 24 2015 08:08
That's what @ccit-spence was asking I think. It's up to you. Often there are auditing or business requirements that demand at least identity level security for back ends. But it depends on the application.
Fairuz Wan Ismail
@wmfairuz
Nov 24 2015 08:14
@dsyer Yes. When you put it that way, it makes sense to also have the services protected for auditing purposes (who does what and when). @ccit-spence What is your approach / stack of choice, if I may ask?
Fairuz Wan Ismail
@wmfairuz
Nov 24 2015 15:24
I cannot print (ctrl + P) guides at https://spring.io/guides/tutorials/spring-security-and-angular-js . Is this a known issue for spring.io? I tried several other guides and had the same issue. The prompt print window came out fine, but it only shows the first page. The other 31 pages are empty pages.
Dave Syer
@dsyer
Nov 24 2015 16:56
No idea
Try a different browser?
Seems to work OK for me with Chrome
Maybe not
spring-io/sagan#356
ccit-spence
@ccit-spence
Nov 24 2015 17:24
@wmfairuz We are still finalizing the approach. I want it to be as simple as possible. One thought is that Zuul uses Spring Security and can access APIs via Ribbon. None of the internal-only APIs would have routes within Zuul. Our platform is within AWS VPCs. The idea for security would be to isolate the APIs via Security Groups.
It is still a work in progress and might change. @dsyer is right about the identity possibly being needed at the API level.