##Update Google has released Polymer 1.0! It is significantly different than the 0.5x (Dev Preview) release that this project is based on. I've begun updating the app, but time constraints have kept me from fully porting it with all the updated Spring Security goodness that has also happened. I do have a simpler project using Polymer 1.0 and Spring here: spring-polymer1-sample

##Introduction

This application uses Google's Polymer web framwork and elements (core and paper) to build a single page application (SPA) that utilizes ReSTful back end services. The services are created in Spring, and use Spring Security, Spring Session, and Spring Cloud.

It is based on a set of concepts laid out by Dave Syer in a series of articles (and samples) that specifically explore the security side of SPA apps. The first post in the series is here.

##Contents

• polymer-ui: Application to host the Polymer app, and act as a Service Proxy
• resource: Simple ReSTful app to return JSON data
• auth-server: Simple OAuth2 server to use for testing

##Build / Run

The projects should build with maven, eg:

mvn package

and are run as standard java applications:

java -jar polymer-demo-ui-0.0.1-SNAPSHOT.jar

The default is for the session profile to be active. Change to oauth by changing the profile

java -jar polymer-demo-ui-0.0.1-SNAPSHOT.jar --spring.profiles.active=oauth

##Notes

OAuth has worked in the past, but is likely currently broken. Consider it "experimental". :-)

##Future direction

Provide a combined Session and OAuth solution so users can choose which to use to access an app.