-1

I am learning angular 2. I am trying to make an application in angular + spring.

In traditional J2EE MVC application, client sends request, server process it and redirect to another page. Decision to redirect to another page is taken at server side.

In angular, I created a login page. Submitted the form and I am able to send the SUCCESS/FAIL response to client. But I want to redirect to login success page from server only instead of angular type script (client) redirect to another component which is security issue.

Can someone help me how to handle this scenario?

Egan Wolf
  • 3,533
  • 1
  • 14
  • 29
javafan
  • 1,525
  • 3
  • 21
  • 40

2 Answers2

1

In angular you define a service, which is sending a POST request once the form has passed the data to the function in the service. The service becomes a success/fail back and reroutes on the client (Angular) side to display the success side or an error in the login page on failure.

All API calls must ensure e.g. via a session cookie, that the user is still logged in. As the api calls have to be secured anyhow, the angular2/4 single page can do its routing magic alone.

Myonara
  • 1,197
  • 1
  • 14
  • 33
1

I understand your concern is the user can run javascript code and make login success and go to home page . But for every subsequent request made to fetch data will be sent to server where you will be validating session . Since the user is not logged in , he/she cannot get data back . So there is nothing they can do without registering session on the server side .

In short, redirecting to homepage after logging in client side is not a security threat.

To answer your question, you need to have both jsp and angular . Inside index.jsp there is a check for session and it redirects to login page . After success , server will allow to display angular code.

Vamshi
  • 9,194
  • 4
  • 38
  • 54