I am working on a prototype application built with the following frameworks:
- Spring MVC (REST API)
- Angular 2 (frontend)
- Spring Security with SAML
- SSOCircle (public IDP)
- Maven as the build tool

I have successfully built this project; it is available on GitHub and has been tested with both Tomcat 8.0 and WebLogic 12.1.3. Also, the whole project is packaged as a single WAR. Generally, I have noticed that people build the Angular 2 app and the backend API separately. I am not sure which one is best practice, but any recommendation is welcome.
https://github.com/pritspatel/spring-saml-angular2.git
Now I want to expand this project a little further, where:
- Once the user is authenticated by the IDP, I want to redirect to the home page of the Angular 2 app.
- While I redirect to the Angular 2 home page, I want to pass an auth token (JWT) generated based on the SAML token. If this is not a good practice, then please let me know.
- Send the JWT on every subsequent request from the Angular 2 app.
- Secure the REST API and provide ACL based on user role, which will be controlled in the DB.

I am new to Angular 2 and Spring Security SAML, so please correct me if I am wrong on any best practice.
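
One way the token steps listed in the question can fit together, as an added example that is not part of the original post or the linked repository: a short-lived HS256 JWT is issued after SAML login, verified on each request, and roles are looked up server-side instead of being trusted from the token. It is written for Node so it runs stand-alone (a Spring backend would do the equivalent in Java); `issueToken`, `verifyToken`, `authorize`, `ROLES_DB`, the key and the sample users are hypothetical names and constructed values.

```javascript
// Added example; key, users and roles below are constructed sample values.
const crypto = require("crypto");

const KEY = crypto.randomBytes(32); // server-side HMAC key, never sent to the browser
// Stands in for the role table in the database.
const ROLES_DB = new Map([["alice@example.org", ["ADMIN"]], ["bob@example.org", ["USER"]]]);

const b64u = (v) => Buffer.from(v).toString("base64url");
const sign = (data, key) => crypto.createHmac("sha256", key).update(data).digest();

// Called once, after the service provider has validated the SAML assertion.
function issueToken(nameId, now, ttl = 300, key = KEY) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub: nameId, iat: now, exp: now + ttl }));
  return `${header}.${body}.${b64u(sign(`${header}.${body}`, key))}`;
}

// Called on every REST request; returns the subject or throws.
function verifyToken(token, now, key = KEY) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed");
  const [header, body, sig] = parts;
  // Always recompute with the server's algorithm; compare in constant time.
  const expected = sign(`${header}.${body}`, key);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  // Pin the algorithm instead of trusting whatever the header declares.
  if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256") throw new Error("unexpected alg");
  const claims = JSON.parse(Buffer.from(body, "base64url"));
  if (typeof claims.exp !== "number" || now >= claims.exp) throw new Error("expired");
  return claims.sub;
}

// ACL check: roles are read from the database at request time, so a role
// change takes effect without waiting for outstanding tokens to expire.
function authorize(token, requiredRole, now) {
  let sub;
  try { sub = verifyToken(token, now); } catch (e) { return { status: 401, reason: e.message }; }
  const roles = ROLES_DB.get(sub) || [];
  return roles.includes(requiredRole) ? { status: 200, user: sub } : { status: 403, reason: "missing role" };
}
```
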