I have this app:
Complete CRUD with Spring Boot, Vue.js, Axios
Bruno Drugowick ・ Feb 9 '20 ・ 4 min read
And I'm wondering how do I properly secure it? The app has:
- Server-rendered pages with Thymeleaf.
- An API providing data for the pages.
What's the proper way to secure and its underlying limitations considering this architecture?
Some questions that pop on my mind, to help you understand why I'm asking:
- Can I go with Spring Security defaults (adding csrf token on my forms that POST/PUT with Vue.js)?
- How do I integrate this with my DELETE via API, for example?
- Should I disable csrf?
- Does this architecture makes sense? What are the caveats?
Cover image from Christoph Scholz.
Top comments (2)
Take a look at keycloak.org
Keycloak is an Identity and Access Management by itself. In this case should I ditch Spring Security (or maybe configure to integrate with Keycloak)?
How does this works on the Vue.js side running on a server-rendered page?
I'm interested more in the architectural aspects and its implications on both the development and operation of the solution rather than just making it work, understand?