Spring Boot and Angular authentication - how to secure the app?

The obvious thought: https://spring.io/guides/tutorials/spring-security-and-angular-js/

If you tried to serve angular on the same port using static resources, you will have a hard time setting it up with spring boot because there will be conflicts about who should resolve a particular resource: angular or spring boot. For eg: /home can be resolved by angular but spring isn't aware of the fact that there is a /home and if you hit /home directly, it won't be resolved by angular unless index.html was loaded and you will see a 404 Whitelabel page.

If you serve angular and spring boot on separate ports then you must read this quote from above spring guides:

You can’t have a secure, stateless application.

Adding to what Hopey One already pointed out: Using JHipster is not as bad as you think. It will hardly take a day to build 80% of your project and then you can tweak the rest 20% accordingly. It will take care of most of the gaps in knowledge and let you write the code that is actually required. And since you already have a running application, most of it would be a copy-paste work. You can read this guide to set up the environment.


Have a look at the JHipster project. Without much effort you can generate a simple project built on angular and spring boot. It implements JWT for authentication with a DB of your choice. Might serve as a good bootstrap or as a reference implementation for implementing your project.


I recommend exploring these two topics:

  • Back-end: https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/
  • Font-end: https://blog.angular-university.io/angular-jwt-authentication/

Filter is part of servlet-api, it means that filter can be implemented in any library, and web server will register and map to specific url. In our case your LoginFilter is all most the same like JWTAuthenticationFilter, but with additional functionality of Spring Framework, both of these classes implement the Filter interface.