mirror of
https://github.com/Alfresco/alfresco-ng2-components.git
synced 2025-07-24 17:32:15 +00:00
* Provide a way to check the resources_access of a jwt token * Add unit test in case the client role is missing or contains a different one * Improve the documentation related to the AuthGuardSSO
76 lines
2.2 KiB
Markdown
---
Title: Auth Guard SSO Role service
Added: v3.1.0
Status: Active
Last reviewed: 2019-03-19
---

# [Auth Guard SSO role service](../../../lib/core/services/auth-guard-sso-role.service.ts "Defined in auth-guard-sso-role.service.ts")

Checks the roles of a user.

## Details

The [Auth Guard SSO role service](../../core/services/auth-guard-sso-role.service.md) implements an Angular
[route guard](https://angular.io/guide/router#milestone-5-route-guards)
to check that the user has the required realm or client role permissions. This is typically used with the
`canActivate` guard check in the route definition. The Auth Guard SSO is responsible for checking whether the JWT contains Realm roles (`realm_access`) or Client roles (`resource_access`) based on the route configuration.

*Realms role Example*

```ts
const appRoutes: Routes = [
    // ...
    {
        path: 'examplepath',
        component: ExampleComponent,
        canActivate: [ AuthGuardSsoRoleService ],
        data: { roles: ['USER_ROLE1', 'USER_ROLE2'] }
    },
    // ...
];
```

If the user now clicks on a link or button that follows this route, they will not be able to access this content if they do not have the required Realm roles.

*Client role Example*

```ts
const appRoutes: Routes = [
    // ...
    {
        path: ':examplepath',
        component: ExampleComponent,
        canActivate: [ AuthGuardSsoRoleService ],
        data: { clientRoles: ['examplepath'], roles: ['ACTIVITI_USER'] }
    },
    // ...
];
```

If the user now clicks on a link or button that follows this route, they will not be able to access this content if they do not have the required Client roles.

## Redirect over forbidden

If you want to redirect the user to a page after access is forbidden, set **redirectUrl** in the route data, as in the example below:

```ts
const appRoutes: Routes = [
    // ...
    {
        path: 'examplepath',
        component: ExampleComponent,
        canActivate: [ AuthGuardSsoRoleService ],
        data: { roles: ['ACTIVITI_USER'], redirectUrl: '/error/403' }
    },
    // ...
];
```
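
The following added example, which is not ADF's own code, applies the checks described above to a decoded JWT payload: realm roles from `realm_access`, client roles from `resource_access`, and the `redirectUrl` fallback. The function and type names are hypothetical, and it assumes that each `clientRoles` entry names a route parameter holding the client name, that any one listed role suffices, and that a route with no roles configured is denied.

```typescript
// Added example, not ADF source code. Only the claim names (realm_access,
// resource_access) and the route data keys come from the page.
interface JwtPayload {
  realm_access?: { roles?: string[] };
  resource_access?: Record<string, { roles?: string[] }>;
}
interface RouteData { roles?: string[]; clientRoles?: string[]; redirectUrl?: string; }
interface Decision { allow: boolean; redirectTo: string | null; }

// "Any of" match (assumption). A non-array claim counts as no roles, so a
// malformed token cannot match by substring.
function hasAny(held: unknown, wanted: string[]): boolean {
  const roles: unknown[] = Array.isArray(held) ? held : [];
  return wanted.some((r) => roles.indexOf(r) !== -1);
}

// Assumption: each clientRoles entry names a route parameter whose value is
// the client to look up under resource_access; without clientRoles the
// realm roles are checked. The payload is decoded in the browser, so this
// gates navigation only; access must still be enforced server-side.
function checkRoles(payload: JwtPayload, data: RouteData,
                    params: Record<string, string | undefined>): Decision {
  const wanted = data.roles ?? [];
  const clients = payload.resource_access ?? {};
  let ok = wanted.length > 0; // fail closed when no roles are configured
  if (ok && data.clientRoles && data.clientRoles.length > 0) {
    ok = data.clientRoles.every((paramName) => {
      const id = params[paramName];
      // Own-property lookup so a value such as "constructor" never resolves.
      const entry = id !== undefined && Object.prototype.hasOwnProperty.call(clients, id)
        ? clients[id] : undefined;
      return hasAny(entry?.roles, wanted);
    });
  } else if (ok) {
    ok = hasAny(payload.realm_access?.roles, wanted);
  }
  return { allow: ok, redirectTo: ok ? null : (data.redirectUrl ?? null) };
}

// Constructed sample payload (already decoded); not a real token.
const samplePayload: JwtPayload = {
  realm_access: { roles: ['USER_ROLE1'] },
  resource_access: {
    'app-one': { roles: ['ACTIVITI_USER'] },
    'app-two': { roles: ['ACTIVITI_ADMIN'] },
  },
};
```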

**Note**: You can use this guard together with the other ADF auth guards.

## See also

- [Auth guard ecm service](auth-guard-ecm.service.md)
- [Auth guard bpm service](auth-guard-bpm.service.md)
- [Auth guard service](auth-guard.service.md)