Authorization and Authentication with AngularJS + Jersey
Workflow
- User provides credentials which are sent to the server for identification.
- When the user is identified we perform the following task:
- A highly random, un-guessable string is generated.
- A JWT is generated with the User ID as subject and the random string as a claim.
- Store the JWT in cookie with HttpOnly, Secure flags (our session cookie).
- Store the random string in an another cookie with Secure flag only (xsrf cookie).
The Login resource :
All ajax requests should append the random string as the X-XSRF-Token Header. The server should reject any request that does not match between the supplied header and the claim of the session cookie.
The Jersey filter :
The AngularJS way...
Angular (v1) | run :
Angular (v1) | AuthService.getUser()
We check if user is logged in, otherwise we try to retrieve the xsrf cookie in order to make a request to the endpoint by passing the value to the header.
Hello, thanks a lot for the example, excellent. Source code available somewhere? :)
ReplyDeleteHi,
DeleteThanks for your comment. Sorry but for privacy reason I cannot publish the code. In my tuto, you have all the clue to implement your authorization process easily.
Thanks