Tip submitted by @tomcgn
You might want to use the nice out-of-the-box API to integrate your application into existing websites. One approach could be to use Knockout to bind your entities with ease and render the entity on e.g. your blog, being served from your JHipster application.
Two aspects need to be changed in the standard JHipster code in order to use the API from simple HTML/AJAX clients:
SecurityConfiguration
In method SecurityConfiguration.configure(HttpSecurity http)
, add new directives as needed in the .and().authorizeRequests()
part, e.g. :
.antMatchers("/api/_search/meetings/**").permitAll()
.antMatchers("/api/_search/meetings").permitAll()`
Of course you can make use of .hasAuthority()
and .authenticated()
to make your thinst-client a bit more dynamic.
You need to add the following directives to the CsrfCookieGeneratorFilter
:
In method doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
response.addHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "86400"); // 24 Hours
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, x-auth-token");