1

I have an angular app that I need to secure. We have a central SSO app in our organisation. This central app provides a login page and sets cookie after authenticating the user.

Now I need to redirect user from my angular app to this central login page in case authentication cookie is missing/expired.

Can someone please help, how can I redirect to a different page using angular routing ? It seems angular always redirect only relative to base url.

I also tried to use spring mvc and security to restrict access to index.html from server end, but I am not able to set the mapping for showing index.html file (outside web-inf) from dispatcher servlet.

coder
  • 4,458
  • 2
  • 17
  • 23

2 Answers2

3

angular's routing is for routing within the page.

Use native location.href for this.

Konstantin Krass
  • 8,626
  • 1
  • 18
  • 24
1

It sounds to me that you are trying to have partial AngularJS page and partial Spring MVC web application. I have also tried this, but then things did not go so well.

If you want to build a web application using AngularJS, I suggest you to start using AngularJS fully as Single Page Web Application and use your Spring MVC as a RESTful web service which is secured by Spring Security.

Read this article: restful-web-service-with-spring-security

The custom AuthenticationEntryPoint must return an HTTP status which AngularJS will process further in $http.success or $http.error. In case of $http.error you force user to go to the login page maybe something like $location.url("/login");

To make all $http.error points to the login page, you can use AngularJS http interceptors.

NB: You should secure your whole web application on the web server level by permanently redirect from http to https. Example: Apache HTTPD

Community
  • 1
  • 1
Bram E Pramono
  • 135
  • 3
  • the problem is that I have an external login page, so I cant use $location.url("/login"), the url is not relative. – coder May 15 '14 at 02:41
  • In that case, you can either create form in your angular application that will send the login to the external login url or use Konstantin's answer. I do not see any other option. – Bram E Pramono May 15 '14 at 08:43
  • does using native location.href has any disadvantage ? I cant go with login forn approach as the page I am redirecting to sets auth cookie for user – coder May 15 '14 at 09:32
  • Using location.href is the only way to get out of the angularJS application. There is not a disadvantage in your case, because you are moving to an external page. – Bram E Pramono May 15 '14 at 09:50
  • The cookie should not be a problem, since it will normally be added by HTTP response. Try to read [set cookie angular $http](http://stackoverflow.com/questions/19383311/angularjs-http-does-not-seem-to-understand-set-cookie-in-the-response) and [http set cookie](http://en.wikipedia.org/wiki/HTTP_cookie#Setting_a_cookie) – Bram E Pramono May 15 '14 at 09:58