我有一个用于生成令牌的休息api,我在角度4客户端使用,但问题是在哪里存储此令牌.
在互联网上,我发现我可以存储在本地存储或cookie中.
所以我的问题是,如果商店令牌是本地存储,例如,我刚刚从另一个浏览器复制了有效令牌,那么我将拥有一个有效的令牌,因此存在任何像这样的存储令牌的安全性,并且基本相同用饼干,或者我错过了一些重要的信息?
我见过很多 JWT 的例子,它们都有 word Bearer。我已经在versionspring(Java)上构建了一个身份验证服务,当我从请求中获取信息时我正在做什么,我正在调用它,因为这个 JWT 库只需要令牌,它不使用 this 。那么为什么一般需要这样做呢?)com.auth0.java-jwt3.2.0Authentication headerrequestHeader.substring(7)BearerBearer
我有一个认证HttpInterceptor:
import {HttpErrorResponse, HttpEvent, HttpHandler, HttpInterceptor,
HttpRequest} from '@angular/common/http';
import {AuthService} from '../service/auth.service';
import {Observable} from 'rxjs/Observable';
import {Injectable} from '@angular/core';
import {Router} from '@angular/router';
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
constructor(private authService: AuthService,
private router: Router) {
}
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
const authHeader = this.authService.getToken();
const clone = req.clone({headers: req.headers.set('Authorization',authHeader)});
return next.handle(clone).do(() => {
}, err => {
console.log(err);
if (err instanceof HttpErrorResponse && err.status === 401) {
this.authService.clearToken();
this.router.navigate(['/auth/signin']);
return Observable.empty();
} …我已经创建了用于记录日志的扩展功能:
import org.slf4j.LoggerFactory
fun Any.log(msg: String) {
LoggerFactory.getLogger(javaClass.name).debug(msg)
}
但是我不确定它是否会在任何时候被调用,因为方法LoggerFactory.getLogger调用getILoggerFactory。
MB已经有人做过类似的事情,可以向我保证不会有任何内存泄漏:)吗?
现在我使用老式的方法(在类中声明logger字段):
companion object {
private val logger = LoggerFactory.getLogger(LoggerTest::class.java.name)
}
但是unit像这样的简单测试:
@Test
fun testLogger() {
val start = System.currentTimeMillis()
for (i in 0..999) {
log("i=" + i)
}
val end = System.currentTimeMillis()
val time = end - start
println("*** TIME=" + time.toDouble() / 1000 + " sec")
}
显示的结果与旧时尚选项相同:
@Test
fun testLogger() {
val start = System.currentTimeMillis()
for (i in 0..999) {
logger.debug("i=" …我有带有网络套接字配置的简单 Spring Boot 应用程序。
当我使用SimpleBroker(由spring提供)运行我的应用程序时,一切正常,但是当我想使用rabbitmq而不是SimpleBroker时,我遇到了一些问题,我的经纪人“不可用”
@Configuration
@EnableWebSocketMessageBroker
open class WebSocketConfig : ILogging by LoggingImp<WebSocketConfig>(),
WebSocketMessageBrokerConfigurer {
@Autowired
private lateinit var env: Environment
override fun registerStompEndpoints(registry: StompEndpointRegistry) {
registry.addEndpoint("/hig").setAllowedOrigins("*").withSockJS()
}
override fun configureMessageBroker(registry: MessageBrokerRegistry) {
registry.setApplicationDestinationPrefixes("/app")
val host = env.getProperty("spring.rabbitmq.host")!!
val port = env.getProperty("spring.rabbitmq.port")!!.toInt()
val login = env.getProperty("spring.rabbitmq.username")!!
val pass = env.getProperty("spring.rabbitmq.password")!!
log.debug("webSocket=$host, $port, $login, $pass")
// registry.enableSimpleBroker("/chat")
registry.enableStompBrokerRelay("/chat")
.setRelayHost(host)
.setRelayPort(port)
.setClientLogin(login)
.setClientPasscode(pass)
.setAutoStartup(true)
.setSystemHeartbeatReceiveInterval(10000)
.setSystemHeartbeatSendInterval(10000)
}
}
来自 WebSocketMessageBrokerStats 的响应:
{
"loggingPeriod": 1800000,
"webSocketSessionStatsInfo": "0 current WS(0)-HttpStream(0)-HttpPoll(0), 0 total, 0 …我有HttpInterceptor:
import {HttpErrorResponse, HttpEvent, HttpHandler, HttpInterceptor,
HttpRequest} from '@angular/common/http';
import {AuthService} from '../service/auth.service';
import {Observable} from 'rxjs/Observable';
import {Injectable} from '@angular/core';
import {Router} from '@angular/router';
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
constructor(private authService: AuthService,
private router: Router) {
}
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
const clone = request.clone({headers: request.headers.set(AuthService.AUTH, this.authService.getToken())});
return next.handle(clone).catch(error => {
if (error instanceof HttpErrorResponse && error.status === 401) {
this.authService.clearToken();
this.router.navigate(['/auth/signin']);
return Observable.empty();
}
return Observable.throw(error);
});
}
}
我想在if块中刷新令牌,但是当我 …
angular ×3
cookies ×1
interceptor ×1
jwt ×1
kotlin ×1
logback ×1
oauth-2.0 ×1
rabbitmq ×1
slf4j ×1
spring ×1
spring-boot ×1
token ×1
typescript ×1
websocket ×1