I'm looking for some advice about how to execute a authentication implementation on my web application with some specific requirements.
The web application consists of a angular frontend and a spring-boot backend. All of this is hosted on Google Appengine and I’m using Google Cloud Datastore for the database.
I want to implement some kind of authentication system now where the user uses email and password to log in. The users should only be able to create accounts if I have allowed that email to register. What would be the best way to implement a system that achieves this?
I’ve been looking at Firebase for the authentication part and that looks good but how do I integrate this with spring boot to limit access to the site depending on if the user is logged in or not?
Another question is about the create user requirement. Would a good solution to this be to store emails that are allowed to register in my database, and then check every time someone wants to register if their email is in there before using Firebase to create that user?
I'm not very experienced with authentication implementations so any advice is appreciated.
答案 0 :(得分:0)
I think that Spring Security + Stormpath its a good choice. Here is one nice tutorial: https://scotch.io/tutorials/build-a-spring-boot-app-with-user-authentication
And about the registration permission for enabled emails you should really store on DB to have control over it, I dont see any problem with that.