After login, I stored token and userRole in localStorage... I tried to inject a random token (without login) in localStorage via navigator and then, I can get access to the restricted page...

I want to prevent this security issue... I thought about a database where to store my token directly after the login and then compare it with the one that exists in localStorage.

isAuthenticated(): boolean {
    const token = localStorage.getItem('token');
    // True for any non-empty string in localStorage; the token itself is never validated.
    return !!token;
}

asked Jan 29 at 11:36 by user29415755; edited Jan 31 at 9:40 by Luca
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Bot Commented Jan 29 at 15:52

1 Answer


A token is used to restrict access to the calls to the Spring back-end. All your code is doing is returning true for any token. There is no call to the back-end.

The correct configuration of Spring Security is required in the back-end - it may already be set up. Spring Security will validate the token and check roles before permitting the call to start.

Also, you need to add the Authorization Bearer header to each call to the back-end.
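
The difference between the question's client-side check and a back-end check, as an added example (not the asker's code, not part of the answer, and not Spring Security's implementation). It assumes an HS256-signed JWT; the secret, the `role` claim, the sample users and all function names are hypothetical.

```javascript
// Added illustration in Node.js; every name and value here is constructed.
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // hypothetical key, held only by the back-end
const b64u = (v) => Buffer.from(v).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest();

// What a login endpoint would hand out after checking credentials.
function issueToken(sub, role, ttlSeconds, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub, role, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${body}.${sign(`${header}.${body}`).toString("base64url")}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = sign(`${header}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256") return null;
    const claims = JSON.parse(Buffer.from(body, "base64url"));
    return typeof claims.exp === "number" && claims.exp * 1000 > now ? claims : null;
  } catch {
    return null; // header or body was not valid JSON
  }
}

// Back-end gate run on every protected call: 401 = not authenticated, 403 = wrong role.
function authorize(headers, requiredRole, now = Date.now()) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || "");
  const claims = m && verifyToken(m[1], now);
  if (!claims) return 401;
  return claims.role === requiredRole ? 200 : 403;
}

// The question's client-side check, as a plain function for comparison.
const isAuthenticated = (stored) => !!stored;

const injected = "random-value-typed-into-localStorage"; // constructed sample
const adminToken = issueToken("alice", "ADMIN", 900); // constructed sample
const userToken = issueToken("bob", "USER", 900); // constructed sample
console.log(isAuthenticated(injected), authorize({ authorization: `Bearer ${injected}` }, "ADMIN"));
console.log(authorize({ authorization: `Bearer ${adminToken}` }, "ADMIN"));
console.log(authorize({ authorization: `Bearer ${userToken}` }, "ADMIN"));
```

The client-side check stays useful only for deciding which pages to show; the data behind them is protected by the status the back-end returns.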

Tags: spring boot, angular, springboot, login, JWT, Stack Overflow