Spring Security + AngularJS + Permissions: disabling all pages for non authenticated users other than login

Question

I want that users have to login before seeing other pages. If they try to access some other page, they have to login first.

I tried using the following, but it keeps giving me an HTTP Status 401 - Access Denied error.

http.csrf().disable().exceptionHandling()
                .authenticationEntryPoint(unauthorizedHandler).and()
                .formLogin().loginPage("/login").successHandler(authSuccess)
                .failureHandler(authFailure).and().authorizeRequests()
                .antMatchers("/login", "/#/login", "/login.html", "/login.jsp", "login", "/login")
                .permitAll().anyRequest().authenticated();

Since I am using angularjs, it might have to be something with that. I however still tried to add the /#/login part, but still without any good result.

Answer 1

You can achieve this using routing. Have a look at the below code.

app.run(function($rootScope, $location,cacheLogOut) {

// register listener to watch route changes
$rootScope.$on("$routeChangeStart", function(event, next, current) {
    if ($rootScope.loggedUser == null) { 
        // no logged user, we should be going to #login
        if (next.templateUrl == "login.html") {
            // already going to #login, no redirect needed
        } else {
            // not going to #login, we should redirect now
            $location.path("/login");
        }
    }
    });
});

This is borrowed from Redirecting to a certain route based on condition. I am using it for redirecting to the login page if the user is not logged in. The $rootScope.loggedUser value is set once the user is logged in.