We have implemented CRUD functionalities in our frontend using an unsecured backend. Now, it is time to switch on security for our backend and go back to the version that we created in Chapter 5, Securing and Testing Your Backend:
- Open your backend project with the Eclipse IDE and open the SecurityConfig.java file in the editor view. We have commented the security out and have allowed everyone access to all endpoints. Now, we can remove that line and also remove the comments from the original version. Now, your SecurityConfig.java file's configure method should look like the following:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors().and().authorizeRequests()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.anyRequest().authenticated()
.and()
// Filter for the api/login requests
.addFilterBefore(new LoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// Filter for other requests to check JWT in header
.addFilterBefore(new AuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class);
}
Let's test what happens when the backend is secured again.
- Run the backend by pressing the Run button in Eclipse and check from the Console view that the application started correctly. Run the frontend by typing the npm start command into your Terminal, and the browser should be opened to the address localhost:3000.
- You should now see that the list page and the table are empty. If you open the developer tools, you will notice that the request ends in a 403 Forbidden HTTP error. This is actually what we wanted, because we haven't yet executed authentication in relation to our frontend:
Now, we are ready to work with the frontend.