Spring microservices, stateless session, angular and static file

I am designing the backend of a large application that is divided into microservices. I use Spring Cloud with my tools: Eureka, Zuul, etc. I implemented an OAuth2 authorization server, which supports four types of grants. It works without a problem.

Then I was asked to serve HTML files in such a way that, if they are not authorized, the backend should redirect to the login page, and it was strongly recommended that I do not use sessions. I thought that without a session Spring cannot really know what is happening; in the end it must have a token in order to decide to create a security context.

I began to study this problem. I found that examples from Spring Security and the Angular JS tutorial show that routes and redirects are done inside angular using ui-route . I looked at several projects on github and they also used Angular for redirection.

Is it possible to redirect the use of the backend in a session without apathy? (It sounds so stupid, but it cannot be expressed otherwise. I want to give this answer to my colleagues who claim that this is possible). If possible, are there any examples?

+4
1 answer

If you use OAuth2 for internal security, I suggest using oauth to access the management of all your services, considering the presence of a token as something like a session.

, . ResourceServerConfigurerAdapter secure spring, HTTP Authorization: Bearer <token> get, /service/endpoint?access_token=<token>.

( !), , OAuth2Authentication securityContext.

, - JWT, spring, , auth , JWT.

, "" ( ), , .

, ;)

0
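A sketch of the stateless setup the question and answer describe, added here as an example and not taken from the answer or from any project's code. It assumes the legacy spring-security-oauth2 library (where `ResourceServerConfigurerAdapter` lives); the class name, `/login.html` and `/assets/**` are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;

@Configuration
@EnableResourceServer
public class StatelessPagesConfig extends ResourceServerConfigurerAdapter {

    // Assumption: the login page is a static file at this path.
    private static final String LOGIN_PAGE = "/login.html";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Token-only authentication: no fallback to a session-held security context.
        resources.stateless(true).authenticationEntryPoint(entryPoint());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // The token arrives on every request (Authorization: Bearer header or the
        // access_token parameter). A token in the query string ends up in access
        // logs and browser history, so prefer the header where the client can set it.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                .antMatchers(LOGIN_PAGE, "/assets/**").permitAll()
                .anyRequest().authenticated();
    }

    // Browser navigations get a 302 to the login page; API clients keep the
    // standard 401 with a WWW-Authenticate: Bearer challenge.
    private AuthenticationEntryPoint entryPoint() {
        OAuth2AuthenticationEntryPoint apiEntryPoint = new OAuth2AuthenticationEntryPoint();
        return (request, response, authException) -> {
            String accept = request.getHeader("Accept");
            if (accept != null && accept.contains("text/html")) {
                response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            } else {
                apiEntryPoint.commence(request, response, authException);
            }
        };
    }
}
```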

Source: https://habr.com/ru/post/1656698/

