3

I am creating a project with AngularJS on the frontend and Spring MVC on the backend.

Now assume a user is logged in and wants to update his information. For this I have created an API which requests the email id and updates the rest object in the database for that email id.

Now I have some questions:

1.) I don't want to use CookieStore or other sessionStorage or localStorage (because of my personal vulnerability experience, and also I want to use session only) in Angular. How can I do it in Angular with Spring MVC?

2.) How can I retrieve the email id from the session to update data?

3.) If a user goes to another page, how can I maintain that session on the other page? How can I check that the session is there and the user is authentic to see the page?

I have read a lot about it but am unable to find the exact solution with session. The answers over there manage it with cookieStore or localStorage. Please help.

Aman

2 Answers

3

Let's try and see what is happening here. Using cookies is the right way to do this; you may think it is not safe, but it is the safest way to do it. With cookies you will be sharing the same session in all tabs, so you can handle it in all tabs and share it.

There is also an alternative option, which is using URL rewriting, quoting @vanje in this question on Stack Overflow:

the session is only identified via a URL parameter containing the session ID. So every internal URL of your web application has to be enhanced with this parameter using the method HttpServletResponse.encodeURL(). If you are using a web framework like Wicket, chances are good that this is already done for you.

Let's go now with the AngularJS - Spring MVC approach:

There is no need to access the session within the AngularJS front-end. If you need to use it and you are using JSP, you may use a scriptlet to retrieve the information, opening a <%= session.getAttribute("user") %>, but as I said there is no need to do this. You may call your function and retrieve this information in your controller in Spring. You have a controller in AngularJS that calls your REST controller in Spring with $http, like this, assuming that you save your user in the session first:

$scope.getUserInfo = function () {
    $http.get(appContextPath + '/rest/getuser/').success(function (data) {
        $scope.user = data;
    });
};

You may have a request mapping for the URL above:

@RequestMapping(value = "/rest/getuser", method = RequestMethod.GET)
@ResponseBody
public User getUserInfo (HttpSession session) {
    // getAttribute returns Object, so the stored user must be cast back to User
    User nUser = (User) session.getAttribute("user");
    return nUser;
}
ZetaPR
  • Just a quick question: I am not using JSP, I am simply using an .html page with Angular. In that case, how can I check if the session exists or not, to show or not show that page to the user? – Aman Aug 31 '16 at 18:38
  • You will have to do everything with your REST API. When you create the HTML view, you need to store your User Id in $scope, so you can use it in future transactions to your DB through any $http (get, post, delete or put). So to check if the user session already exists you may use the session in Angular, but synchronized with your Spring through any REST methods you may have. You may see more info in [this](https://medium.com/opinionated-angularjs/techniques-for-authentication-in-angularjs-applications-7bbf0346acec#.vrr17998r) link – ZetaPR Sep 01 '16 at 06:25
3

I think the best way is to create a method in your AngularJS controller and then call it.

Java code:

@RequestMapping(value = "/menu/get", method = RequestMethod.GET, headers="Accept=*/*")
public @ResponseBody Empleado showMenu(HttpSession session) {
    Empleado empleado = (Empleado) session.getAttribute("empleado");

    return empleado;
}

AngularJS code:

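angular.module('myModule')
    .controller('myMenuController', ['$scope', '$http',
        function($scope, $http) {

            // Ask the server for the object stored in the HTTP session
            var getEmpleadoInfo = function () {
                $http.get(myContextPage + '/menu/get')
                    .then(function(response) {
                        // .then() receives the response object; the body is in response.data
                        $scope.empleado = response.data;
                    });
            };

            getEmpleadoInfo();

        }]);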

This way, when you load the page, the object will be loaded on the scope.

Germán Acosta
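Both answers read the logged-in user from `HttpSession`. The same idea applied to the update endpoint from the question, as an added example (not code from either answer): the email id is taken from the server-side session rather than from the request, and a missing session yields 401. `ProfileController`, `ProfileStore`, `ProfileUpdate`, the `/rest/profile` path and the `email` attribute name are hypothetical; the `javax.servlet` imports assume a pre-Jakarta Spring version.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ProfileController {
    // Hypothetical attribute name, set by the login handler after authentication.
    static final String SESSION_EMAIL = "email";

    // Hypothetical request body: only user-editable fields, deliberately no email.
    public static class ProfileUpdate {
        public String displayName;
        public String phone;
    }

    // Hypothetical persistence interface standing in for the real DAO.
    public interface ProfileStore {
        void update(String email, ProfileUpdate changes);
    }

    private final ProfileStore store;

    @Autowired
    public ProfileController(ProfileStore store) {
        this.store = store;
    }

    @RequestMapping(value = "/rest/profile", method = RequestMethod.PUT)
    public ResponseEntity<Void> updateProfile(@RequestBody ProfileUpdate changes,
                                              HttpServletRequest request) {
        // getSession(false) never creates a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        String email = (session == null) ? null
                : (String) session.getAttribute(SESSION_EMAIL);
        if (email == null) {
            // No authenticated session: the client treats 401 as "show login".
            return new ResponseEntity<Void>(HttpStatus.UNAUTHORIZED);
        }
        // The record is selected by the session, never by a client-sent email id.
        store.update(email, changes);
        return new ResponseEntity<Void>(HttpStatus.NO_CONTENT);
    }
}
```

The browser still carries the container's session cookie (JSESSIONID by default) on each same-origin `$http` call, so nothing has to be kept in AngularJS-side storage.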