user.2019-02-24 19:17:56
Java

Is it worth returning the user's ROLE from the backend after login?

Greetings to all,
There is a backend on which the user is authorized and, depending on the user's ROLE, certain functionality becomes available to him. Of course, the frontend will be different for each user.
Question: after a successful login, is it required to return the ROLE of the user to the frontend?
1. That is, the user sends a POST / GET to the backend.
2. In response, he receives his session number (which is contained in the cookie) and, for example, the role in JSON / XML, for example {"role": "admin"}.
3. After this, the role is used in the frontend throughout the user's work.


1 answer(s)
Orkhan, 2019-02-24
Hasanly @azerphoenix

Not necessary.
If we are talking about Spring, then you are probably using Spring Security.
Accordingly, look towards hasAuthority(), hasRole() and @PreAuthorize() (you need to "enable" it first). Using @PreAuthorize you can restrict access at the controller class or method level.
You can also check user permissions in a template if you use template engines like Thymeleaf, FreeMarker or Mustache. All you have to do is add the add-ons, for example thymeleafExtras.
Cookies are of course a solution, but the problem is that they can be edited. And accordingly, the user can get access to the admin rights... So... it's better not to do this.
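
The server-side check the answer points to, as an added example that is not code from the thread: the role is read from the session's `Authentication` on every request, and the value sent to the frontend is only a display hint. It assumes Spring Boot 3 with the web and security starters; the class name, endpoint paths and the two demo accounts are hypothetical.

```java
// Added example. Assumes Spring Boot 3 (spring-boot-starter-web and
// spring-boot-starter-security). Names, paths and users are hypothetical.
package demo;

import java.util.List;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableMethodSecurity // "enables" @PreAuthorize (prePostEnabled defaults to true)
public class RoleDemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(RoleDemoApplication.class, args);
    }

    // Constructed demo accounts; {noop} stores the password in plain text (demo only).
    @Bean
    UserDetailsService users() {
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password("{noop}alice-pw").roles("ADMIN").build(),
            User.withUsername("bob").password("{noop}bob-pw").roles("USER").build());
    }

    @RestController
    public static class Api {
        // Role hint for the UI, taken from the server-side Authentication.
        // It decides what the frontend draws, never what the backend allows.
        @GetMapping("/api/me")
        public List<String> me(Authentication auth) {
            return auth.getAuthorities().stream().map(GrantedAuthority::getAuthority).toList();
        }

        // Checked on every call against the authenticated principal; a role value
        // edited in a cookie or in frontend state has no effect on this decision.
        @GetMapping("/api/admin/users")
        @PreAuthorize("hasRole('ADMIN')")
        public List<String> listUsers() {
            return List.of("alice", "bob");
        }
    }
}
```

With these accounts, `bob` receives `["ROLE_USER"]` from `/api/me` and a 403 from `/api/admin/users`, whatever role the frontend believes it has.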
