angularjs - Securing Symfony RESTful API consumed by angular front? -


i have set symfony based api being used angular front end totally dependent of (user registration included)

i have read multiple threads recommending using wsse or fosoauthserverbundle i'm not sure best method ?

if understood correctly, wsse has send each api request x-wsse headers make me think not best suited performance.

about fosauthserverbundle have never used , looks bit complicated me compared wsse, that's why i'm asking there before trying implement it.

i have 2 simple groups of user (basic , admin), best way secure api, additionally providing easy way keep user persistence (i mean accesses through different pages)?

how should in angular front side ?

thanks help.

refs: http://blog.tankist.de/blog/2013/07/16/oauth2-explained-part-1-principles-and-terminology/

http://obtao.com/blog/2013/06/configure-wsse-on-symfony-with-fosrestbundle/

it depends on requirements are.

first of all, oauth 2 authentication mechanism/spec can use in combination sessions/bearer tokens/... applies local accounts (since want user registration).

fosauthserverbundle bundle implement server-side of oauth2 specification. means can expose oauth2 side of api other applications , allow them use accounts authenticate. think google login, twitter login, etc own app.

this has nothing way validate / authorize requests after initial login has taken place.

do want implement stateless authentication? recommend using new json web token (jwt) specification.

see symfony bundle (lexikjwtauthenticationbundle) , jwt description (jwt.io)

there many resources on angular side of things , api part pretty straightforward.

wsse not seem suited implement in restful api , have no experience using/implementing cannot comment on much.


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more