** Spring Boot Security with CSRF protection for SPA(Single Page Applications) Using Angular Framework **
Render.com URL : Demo URL
wait for 15-20 seconds to get server up only if not running.
This project is using frontend-maven-plugin plugin.
It will build angular project from directory src/main/frontend and place build files in
frontend/dist/frontend/browser. Check config in pom.xml.
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<version>${frontend-maven-plugin.version}</version>
<configuration>
<workingDirectory>${frontendSrcDir}</workingDirectory>
</configuration>
Maven Resource plugin will copy this angular build files and
place it under maven build directory /target/classes/static as spring boot
will serve static contents from this directory.
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-resources</id>
<phase>process-classes</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${basedir}/target/classes/static</outputDirectory>
<resources>
<resource>
<directory>${frontendSrcDir}/dist/frontend/browser</directory>
</resource>
</resources>
</configuration>
</execution>
</executions>
Git: 2.51+
Spring Boot: 3.5.11
Maven: 3.9+
Java: 25
(Optional)Docker Desktop: Tested on 4.54.0
git clone https://github.com/deepaksorthiya/spring-boot-security-angular-client-csrf.git
cd spring-boot-security-angular-client-csrfIn below command, Maven clean phase will delete node packages. check clean plugin config in POM File. Don't use clean phase second time if you don't want to remove node packages.
./mvnw clean package -DskipTestsUse below option if you don't want to build frontend second time. Don't use clean phase second otherwise it will delete frontend build as well.
./mvnw package -DskipTests -DskipFrontendBuild=truefor native graalvm
./mvnw -Pnative native:compileIt will generate a spring-boot-security-angular-client-csrf in target folder.
./mvnw spring-boot:runOR
java -jar .\target\spring-boot-security-angular-client-csrf-0.0.1-SNAPSHOT.jarfor native image run
./target/spring-boot-security-angular-client-csrfsee README
./mvnw clean spring-boot:build-image -DskipTestsfor native container image
./mvnw clean -Pnative spring-boot:build-image -DskipTestsdocker build --progress=plain -f Dockerfile.native -t deepaksorthiya/spring-boot-security-angular-client-csrf .docker run -p 8080:8080 --name spring-boot-security-angular-client-csrf deepaksorthiya/spring-boot-security-angular-client-csrfUSER1 ==> Username: user Password: password
USER2 ==> Username: admin Password : admin
visit to access application http://localhost:8080
if you want to remove node packages during maven clean phase add below plugin config in pom.xml. It's already added. you can use
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<configuration>
<filesets>
<fileset>
<directory>src/main/frontend/.angular</directory>
</fileset>
<fileset>
<directory>src/main/frontend/dist</directory>
</fileset>
<fileset>
<directory>src/main/frontend/node</directory>
</fileset>
<fileset>
<directory>src/main/frontend/node_modules</directory>
</fileset>
</filesets>
</configuration>
</plugin>
For further reference, please consider the following sections:
- Official Apache Maven documentation
- Spring Boot Maven Plugin Reference Guide
- Create an OCI image
- Spring Boot Actuator
- Spring Web
- Spring Data JPA
- Validation
- Flyway Migration
The following guides illustrate how to use some features concretely: