[英]How do I do client side authentication check with React front end and Spring Boot security backend?
I've got the spring boot security dependency set up 我已经设置了spring boot安全依赖项
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
I've also restricted some pages in my WebSecurityConfigAdapter eg 我也限制了WebSecurityConfigAdapter中的某些页面,例如
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
(I've also done the various other boilerplate setup of UsersDetailsService etc.) (我还完成了UsersDetailsService等的其他各种样板设置)
In a traditional front end where I'm using html/thymeleaf I can simply do something like this to display a logout link, if the user is logged in. 在我使用html / thymeleaf的传统前端中,如果用户已登录,我可以简单地执行以下操作以显示注销链接。
<form sec:authorize="isAuthenticated()" id="frmlogout" th:action="@{/logout}" method="post" class="form-inline">
<a href="javascript:{}" onclick="document.getElementById('frmlogout').submit(); return false;">Logout</a>
</form>
Question is, how can I do a similar "isAuthenticated()" check (as well as a role check) from my react .js classes? 问题是,如何从我的react .js类中进行类似的“ isAuthenticated()”检查(以及角色检查)? Is it even possible?
可能吗?
The desired outcome is so that I can then add the logout button to my navbar, which is defined in my .js classes. 理想的结果是使我可以将注销按钮添加到导航栏,该导航栏是在.js类中定义的。
This post on React.js + Spring Security shows an approach of using a session cookie which is the traditional way of securing communication in spring mvc. 这篇关于React.js + Spring Security的文章展示了一种使用会话cookie的方法,这是确保Spring mvc中通信安全的传统方法。
Or you could use Basic Auth for your API and implement the login logic in React. 或者您可以对API使用Basic Auth并在React中实现登录逻辑。 If a call to the API results in a HTTP 401 Unauthenticated then ask the user to provide credentials and use the in react to call the API.
如果对API的调用导致HTTP 401未经身份验证,则要求用户提供凭据并使用in响应来调用API。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.