Spring Security in a REST application with Angular - Conceptual clarifications


I am trying to understand the Spring Security config for a REST API, so I am using @RestController for my controllers. A few questions; I would appreciate answers so I can have a deeper understanding.

So my understanding is that REST applications completely separate the frontend and backend by communicating via HTTP methods, so at any time I can swap out the framework for either of them. My questions related to REST and Spring Security are:

  1. If I am using @Controller and a method returns a view, meaning an HTML or JSP page, and this method was triggered by my Angular frontend, will the response be handled by Angular? Or, when the user presses the button and the backend returns a view, will the user be redirected to the view and then back to the application? It would be much appreciated if someone could explain the process.

  2. Using Spring Security

http.(all other methods here).formLogin()

Usually I allow all requests to my user-login endpoint and do the authentication logic in the controller, so what is the Spring Security login configuration for? It will send a page to the user for authentication, right? But my Angular frontend already has a login page. So how will this work? (I understand this question may seem vague, but I can't really explain it since I lack in-depth knowledge.)

  3. Like question 2, but with

http.(methods).oauth2Login()

When someone clicks "Login with Google" in my Angular frontend, doesn't it open a window with the Google login page? Or should it be redirected to a Spring endpoint, which sends back a login page or a login page URL so Angular can open it? How does that work?

I tried doing that manually:

// Manual approach: the controller hands Angular the Google authorization URL to open
@GetMapping("/oauth-url")
public String oAuthUrl()
{
  String AUTH_URL = "Google Auth URL with Client_ID etc...";  // assembled by hand from the client registration
  return AUTH_URL;
}

So my Angular app hits this endpoint, the URL is sent back, and it opens it with

window.open(AUTH_URL);

Then Google hits back at my Spring callback endpoint with the Authorization Code. Then I manually send a request for an Access Token from my Spring service.

But can I do the OpenID/OAuth2 stuff with Spring Security configuration without manually implementing the steps?

  4. (Last question) So Angular hits my "/oauth-url" endpoint and gets back the URL. It opens it using window.open() in Angular. Then Google hits my callback URL, the "/callback" method. That method manually requests an Access Token using the Authorization Code it got, then with the ID Token it requests the User Info and returns the User Info from the "/callback" method. But how can the Angular application get the "/callback" response when the referrer is the Google server? Can I store the info in a global variable and then return it to Angular when another endpoint is hit? If so, what is the best method for storing global variables in a Spring application?

I would appreciate it if the community could provide in-depth answers so I can get a deep understanding. Don't mind the mistakes, since English is my second language.

Thanks in advance.
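The declarative alternative to the manual /oauth-url and /callback flow asked about in questions 3 and 4, as an added example that is not part of the original question: Spring Security's oauth2Login() owns the whole Authorization Code exchange, and the user ends up in the server-side session, so Angular simply calls an authenticated endpoint afterwards instead of reading the callback response. It assumes Spring Security 6, a Google client registration under spring.security.oauth2.client.registration.google.* in application.yml, and that the Angular build is served from the same origin as the API (so the session and XSRF cookies apply); the /api/public/** prefix and /api/me endpoint are made up for the example.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.Map;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Keep CSRF on: Angular's HttpClient reads the XSRF-TOKEN cookie and echoes it
        // in the X-XSRF-TOKEN header, so the cookie must be readable by JavaScript.
        CsrfTokenRequestAttributeHandler csrfHandler = new CsrfTokenRequestAttributeHandler();
        csrfHandler.setCsrfRequestAttributeName(null); // load the token on every request so the cookie is written
        http
            .csrf(csrf -> csrf
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .csrfTokenRequestHandler(csrfHandler))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/public/**").permitAll()   // assumed public prefix
                .anyRequest().authenticated())
            // oauth2Login() registers two endpoints for you:
            //   /oauth2/authorization/google  - builds the Google URL (client_id, scope, state) and redirects
            //   /login/oauth2/code/google     - the redirect URI: exchanges the code for tokens,
            //                                   validates the ID token and creates the session
            // Angular just navigates to the first one (a full-page redirect, not window.open).
            .oauth2Login(oauth -> oauth
                .defaultSuccessUrl("/", true));   // after the callback, send the browser back to the SPA
        return http.build();
    }
}

@RestController
class MeController {
    // Angular calls this after the redirect. The session cookie identifies the user, so
    // no "global variable" is needed: the principal lives in the per-session SecurityContext.
    @GetMapping("/api/me")
    Map<String, Object> me(@AuthenticationPrincipal OidcUser user) {
        return Map.of("subject", user.getSubject(),
                      "email", user.getEmail(),
                      "name", user.getFullName());
    }
}
```

The plain HttpSecurity defaults would answer question 2 the same way: formLogin() is what serves Spring's own login page, so a REST API with its own Angular login form usually leaves it out rather than permitting a custom endpoint in front of it.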
