Closed amadorjoaosilva closed 8 years ago
Following: http://engineering.talis.com/articles/elegant-api-auth-angular-js/
I was able to use a factory to append an "Authorization" field to the header, and receive the value via @RequestHeader. Next, I will follow their example on how to intercept the response to deal with token invalidation or expiry. Then, I need to figure out token creation and how to generate new ones, and verify when they are received. Finally, make these checks with every API request.
TODO notes. They include checking the expiration date and removing the session for invalid tokens, as well as adding a logout method
mvc-dispatcher-servelet.xml, so they are all intercepted (except login)
JWT as property scope. (this means making a join with the permissions table when getting the user id from the session table, and getting their permissions as a list to store in token)
manage-employee permissions. If a user doesn't have that, it kicks them out with an error status code.
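The per-request check planned above (expiry, then a permission looked up in the token's scope list) could look like the following. This is an added example, not code from this issue or its project; the HS256 signature, the "Bearer " prefix, the 401/403 status codes, the demo key and the class and method names are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ScopeCheck {
    // Constructed demo key (assumption); load the real one from protected configuration.
    static final byte[] KEY = "demo-key-constructed-for-example".getBytes(StandardCharsets.UTF_8);
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    // Status an interceptor would send: 200 pass, 401 bad or expired token, 403 missing permission.
    // The algorithm is fixed server-side; the token header's "alg" is never consulted.
    static int check(String authHeader, String required, long now) {
        try {
            if (authHeader == null || !authHeader.startsWith("Bearer ")) return 401;
            String[] p = authHeader.substring(7).split("\\.", -1);
            if (p.length != 3) return 401;
            // Verify the signature in constant time before trusting anything in the payload.
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), sig)) return 401;
            String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            // A missing or past "exp" is treated as expired.
            Matcher exp = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(json);
            if (!exp.find() || Long.parseLong(exp.group(1)) <= now) return 401;
            // "scope" is assumed to be a JSON array of permission names written by the server.
            Matcher scope = Pattern.compile("\"scope\"\\s*:\\s*\\[([^\\]]*)\\]").matcher(json);
            if (!scope.find()) return 403;
            for (String s : scope.group(1).split(","))
                if (s.trim().equals("\"" + required + "\"")) return 200;
            return 403;
        } catch (Exception e) { return 401; } // malformed Base64, oversized numbers, etc.
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        // Constructed sample token: a user who holds only the hypothetical view-employee permission.
        String head = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64(("{\"sub\":\"42\",\"exp\":" + (now + 60)
                + ",\"scope\":[\"view-employee\"]}").getBytes(StandardCharsets.UTF_8));
        String t = "Bearer " + head + "." + body + "." + b64(hmac(head + "." + body));
        System.out.printf("granted=%d missing-permission=%d%n", check(t, "view-employee", now), check(t, "manage-employee", now));
        System.out.printf("expired=%d tampered=%d%n", check(t, "view-employee", now + 120), check(t + "x", "view-employee", now));
    }
}
```

The regex extraction is only safe because the payload is read after the signature check, so its layout is whatever the server itself wrote.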