Spring login + nativeScript app


#1

Hi,
I have started coding my own nativeScript app by following a grocery app tutorial. So far its going good.
Now, I am trying to integrate it with my existing spring boot application by making rest calls.
I have used spring security form login. is there any way that we can use existing login backend code to authenticate nativeScript app.


#2

My NativeScript application is also connected to a Spring Boot Server and this SpringBoot Server is connected to a WEB API.

I think if you use the protocol oauth/token should be more than enough to secure a login.


#3

yeah, this is one liner answer i get from every where, can you please share some steps, or point me to some some sample?


#4

I dont know if what i have will be any helpfull but i’ll share:

My nativescript application communicates with my SpringBoot Server with this method:

  login(user: User) {
    let headers = new Headers();
    headers.append("Content-Type", "application/json");
    return this.http.post(
      Config.apiUrl + "oauth/token",
      JSON.stringify({
        nif: user.nif,
        password: user.password,
      }),
      { headers: headers }
    )
      .map(response => response.json()).do(data => {
        Config.token = data.Result.access_token;
        let tmp = new Result();
        tmp.token = data.Result.token;
        console.log("Login Token: " + tmp.token);
        user.newToken = tmp.token;
        console.log("User.newToken: " + user.newToken);
      })
      .catch(this.handleErrors);
  }

On SpringBoot i catch the response using this method:

    //Connection between APP and Server -> Login
    @RequestMapping(value = "/oauth/token", method = RequestMethod.POST)
    public String userLogin(@RequestBody User user) throws Exception {
        System.out.println("UserLogin Method");
        System.out.println("User NIF: "+ user.getNif());
        String result = null;
        try {
          result = loginUserServerAPI();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return new Result().toString();

    }

And after that i make the connection between the server to my API using this method.


    private String loginUserServerAPI() throws Exception {

        String url = "http://localhost:59017/api/Utentes/LoginUtente?idUtilizador=00000000-0000-0000-0000-000000000000&password=sample%20string%205";
        URL urlObject = new URL(url);
        HttpURLConnection connection = (HttpURLConnection) urlObject.openConnection();

        connection.setRequestMethod("GET");
        connection.setRequestProperty("Content-Type", "application/json");

        connection.setDoOutput(true);
        int responseCode;
        String responseMessage;
        BufferedReader in;
        String inputLine;
        StringBuffer response;

        responseCode = connection.getResponseCode();
        responseMessage = connection.getResponseMessage();
        System.out.println("\nSending 'GET' request to URL : " + url);
        System.out.println("Response Code : " + responseCode);
        System.out.println("Response Message : " + responseMessage);

        in = new BufferedReader(
                new InputStreamReader(connection.getInputStream()));
        response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();

        System.out.println(response.toString());
        return responseMessage.toString();
    }

Hope it helps


#5

This is good. But I dont understand why we are using classes like bufferReader …
I have a general class SecurityConfiguration which follows standerd spring security model

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.rememberMe()
.rememberMeServices(rememberMeServices)
.rememberMeParameter(“remember-me”)
.key(jHipsterProperties.getSecurity().getRememberMe().getKey())
.and()
.formLogin()
.loginProcessingUrl("/api/authentication")

}

and web application is hosted on the same sever , where spring boot server is running.
I was looking for some way to re-use this ,while attempting login from nativeScript app.


#6

I have been searching all arround and doing POCs… I tried doing some experiments with CustomrememberMe service too.
I have finally come to conclusion of bypassing the spring authentication and doing a authentication myself and managing tokens too.

following something like this…https://stackoverflow.com/questions/41829831/spring-boot-rest-api-security-for-android-app-using-google-facebook-login

Open for suggestions…Any one else also who all are watching this thread, please pour your thoughts.