loading...
Cover image for How do I secure this Spring Boot + Thymeleaf + Vue.js app?

How do I secure this Spring Boot + Thymeleaf + Vue.js app?

brunodrugowick profile image Bruno Drugowick ・1 min read

I have this app:

And I'm wondering how do I properly secure it? The app has:

  • Server-rendered pages with Thymeleaf.
  • An API providing data for the pages.

What's the proper way to secure and its underlying limitations considering this architecture?

Some questions that pop on my mind, to help you understand why I'm asking:

  • Can I go with Spring Security defaults (adding csrf token on my forms that POST/PUT with Vue.js)?
  • How do I integrate this with my DELETE via API, for example?
  • Should I disable csrf?
  • Does this architecture makes sense? What are the caveats?

...


Cover image from Christoph Scholz.

Discussion

markdown guide
 
 

Thanks, Sunit.

Keycloak is an Identity and Access Management by itself. In this case should I ditch Spring Security (or maybe configure to integrate with Keycloak)?

How does this works on the Vue.js side running on a server-rendered page?

I'm interested more in the architectural aspects and its implications on both the development and operation of the solution rather than just making it work, understand?