How to secure routes using AngularJS_AngularJS
Introduction
AngularJS has been used for a long time since its emergence. It is a javascript framework for developing single page applications (SPA). It has some nice features like two-way binding, directives, etc. This article mainly introduces Angular routing security strategies. It is a client-side security framework that can be developed with Angular. I've tested it. In addition to ensuring client-side routing security, you also need to ensure server-side access security. Client security policies help reduce additional access to the server. However, if someone accesses the server by tricking the browser, server-side security policies should be able to deny unauthorized access. In this article, I will only discuss client-side security policies.
1 Define global variables at the application module level
Define roles for the application:
var roles = {
superUser: 0,
admin: 1,
user: 2
};
Define routes for unauthorized access for applications:
var routeForUnauthorizedAccess = '/SomeAngularRouteForUnauthorizedAccess';
2 Define authorization service
appModule.factory('authorizationService', function ($resource, $q, $rootScope, $location) {
return {
// 将权限缓存到 Session,以避免后续请求不停的访问服务器
permissionModel: { permission: {}, isPermissionLoaded: false },
permissionCheck: function (roleCollection) {
// 返回一个承诺(promise).
var deferred = $q.defer();
// 这里只是在承诺的作用域中保存一个指向上层作用域的指针。
var parentPointer = this;
// 检查是否已从服务获取到权限对象(已登录用户的角色列表)
if (this.permissionModel.isPermissionLoaded) {
// 检查当前用户是否有权限访问当前路由
this.getPermission(this.permissionModel, roleCollection, deferred);
} else {
// 如果还没权限对象,我们会去服务端获取。
// 'api/permissionService' 是本例子中的 web 服务地址。
$resource('/api/permissionService').get().$promise.then(function (response) {
// 当服务器返回之后,我们开始填充权限对象
parentPointer.permissionModel.permission = response;
// 将权限对象处理完成的标记设为 true 并保存在 Session,
// Session 中的用户,在后续的路由请求中可以重用该权限对象
parentPointer.permissionModel.isPermissionLoaded = true;
// 检查当前用户是否有必须角色访问该路由
parentPointer.getPermission(parentPointer.permissionModel, roleCollection, deferred);
}
);
}
return deferred.promise;
},
//方法:检查当前用户是否有必须角色访问该路由
//'permissionModel' 保存了从服务端返回的当前用户的角色信息
//'roleCollection' 保存了可访问当前路由的角色列表
//'deferred' 是用来处理承诺的对象
getPermission: function (permissionModel, roleCollection, deferred) {
var ifPermissionPassed = false;
angular.forEach(roleCollection, function (role) {
switch (role) {
case roles.superUser:
if (permissionModel.permission.isSuperUser) {
ifPermissionPassed = true;
}
break;
case roles.admin:
if (permissionModel.permission.isAdministrator) {
ifPermissionPassed = true;
}
break;
case roles.user:
if (permissionModel.permission.isUser) {
ifPermissionPassed = true;
}
break;
default:
ifPermissionPassed = false;
}
});
if (!ifPermissionPassed) {
// 如果用户没有必须的权限,我们把用户引导到无权访问页面
$location.path(routeForUnauthorizedAccess);
// 由于这个处理会有延时,而这期间页面位置可能发生改变,
// 我们会一直监视 $locationChangeSuccess 事件
// 并且当该事件发生的时,就把掉承诺解决掉。
$rootScope.$on('$locationChangeSuccess', function (next, current) {
deferred.resolve();
});
} else {
deferred.resolve();
}
}
};
});
3 Encrypted routing
Then let’s use the fruits of our efforts to encrypt routing:
var appModule = angular.module("appModule", ['ngRoute', 'ngResource'])
.config(function ($routeProvider, $locationProvider) {
$routeProvider
.when('/superUserSpecificRoute', {
templateUrl: '/templates/superUser.html', // 路由的 view/template 路径
caseInsensitiveMatch: true,
controller: 'superUserController', // 路由的 angular 控制器
resolve: {
// 在这我们将使用我们上面的努力成果,调用授权服务
// resolve 是 angular 中一个非常赞的特性,可以确保
// 只有当它下面提到的承诺被处理之后
// 才将控制器(在本例中是 superUserController)应用到路由。
permission: function (authorizationService, $route) {
return authorizationService.permissionCheck([roles.superUser]);
},
}
})
.when('/userSpecificRoute', {
templateUrl: '/templates/user.html',
caseInsensitiveMatch: true,
controller: 'userController',
resolve: {
permission: function (authorizationService, $route) {
return authorizationService.permissionCheck([roles.user]);
},
}
})
.when('/adminSpecificRoute', {
templateUrl: '/templates/admin.html',
caseInsensitiveMatch: true,
controller: 'adminController',
resolve: {
permission: function (authorizationService, $route) {
return authorizationService.permissionCheck([roles.admin]);
},
}
})
.when('/adminSuperUserSpecificRoute', {
templateUrl: '/templates/adminSuperUser.html',
caseInsensitiveMatch: true,
controller: 'adminSuperUserController',
resolve: {
permission: function (authorizationService, $route) {
return authorizationService.permissionCheck([roles.admin, roles.superUser]);
},
}
});
});
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1393
52
1209
24
The latest 5 angularjs tutorials in 2022, from entry to mastery
Jun 15, 2017 pm 05:50 PM
Javascript is a very unique language. It is unique in terms of the organization of the code, the programming paradigm of the code, and the object-oriented theory. The issue of whether Javascript is an object-oriented language that has been debated for a long time has obviously been There is an answer. However, even though Javascript has been dominant for twenty years, if you want to understand popular frameworks such as jQuery, Angularjs, and even React, just watch the "Black Horse Cloud Classroom JavaScript Advanced Framework Design Video Tutorial".
Use PHP and AngularJS to build a responsive website to provide a high-quality user experience
Jun 27, 2023 pm 07:37 PM
In today's information age, websites have become an important tool for people to obtain information and communicate. A responsive website can adapt to various devices and provide users with a high-quality experience, which has become a hot spot in modern website development. This article will introduce how to use PHP and AngularJS to build a responsive website to provide a high-quality user experience. Introduction to PHP PHP is an open source server-side programming language ideal for web development. PHP has many advantages, such as easy to learn, cross-platform, rich tool library, development efficiency
Build web applications using PHP and AngularJS
May 27, 2023 pm 08:10 PM
With the continuous development of the Internet, Web applications have become an important part of enterprise information construction and a necessary means of modernization work. In order to make web applications easy to develop, maintain and expand, developers need to choose a technical framework and programming language that suits their development needs. PHP and AngularJS are two very popular web development technologies. They are server-side and client-side solutions respectively. Their combined use can greatly improve the development efficiency and user experience of web applications. Advantages of PHPPHP
Build a single-page web application using Flask and AngularJS
Jun 17, 2023 am 08:49 AM
With the rapid development of Web technology, Single Page Web Application (SinglePage Application, SPA) has become an increasingly popular Web application model. Compared with traditional multi-page web applications, the biggest advantage of SPA is that the user experience is smoother, and the computing pressure on the server is also greatly reduced. In this article, we will introduce how to build a simple SPA using Flask and AngularJS. Flask is a lightweight Py
How to use AngularJS in PHP programming?
Jun 12, 2023 am 09:40 AM
With the popularity of web applications, the front-end framework AngularJS has become increasingly popular. AngularJS is a JavaScript framework developed by Google that helps you build web applications with dynamic web application capabilities. On the other hand, for backend programming, PHP is a very popular programming language. If you are using PHP for server-side programming, then using PHP with AngularJS will bring more dynamic effects to your website.
Use PHP and AngularJS to develop an online file management platform to facilitate file management
Jun 27, 2023 pm 01:34 PM
With the popularity of the Internet, more and more people are using the network to transfer and share files. However, due to various reasons, using traditional methods such as FTP for file management cannot meet the needs of modern users. Therefore, establishing an easy-to-use, efficient, and secure online file management platform has become a trend. The online file management platform introduced in this article is based on PHP and AngularJS. It can easily perform file upload, download, edit, delete and other operations, and provides a series of powerful functions, such as file sharing, search,
Introduction to the basics of AngularJS
Apr 21, 2018 am 10:37 AM
The content of this article is about the basic introduction to AngularJS. It has certain reference value. Now I share it with you. Friends in need can refer to it.
How to use PHP and AngularJS for front-end development
May 11, 2023 pm 05:18 PM
With the popularity and development of the Internet, front-end development has become more and more important. As front-end developers, we need to understand and master various development tools and technologies. Among them, PHP and AngularJS are two very useful and popular tools. In this article, we will explain how to use these two tools for front-end development. 1. Introduction to PHP PHP is a popular open source server-side scripting language. It is suitable for web development and can run on web servers and various operating systems. The advantages of PHP are simplicity, speed and convenience
