alfresco-ng2-components/docs/core/services/auth-guard-sso-role.service.md
Maurizio Vitale 391094e467 [ADF-4295] AuthGuardSsoRoleService - Provide a way to check the resorces_access of the jwt token (#4488)
* Provide a way to check the resorces_access of a jwt token

* Add unit test in case the client role is missing or contains a different one

* Improve the documentation related to the AuthGuardSSO
2019-03-27 09:55:33 +00:00


Title Added Status Last reviewed
Auth Guard SSO Role service v3.1.0 Active 2019-03-19

Auth Guard SSO role service

Checks the roles of a user.

Details

The Auth Guard SSO role service implements an Angular route guard that checks whether the user has the right realm/client role permissions. It is typically used with the canActivate guard check in the route definition. The Auth Guard SSO is responsible for checking whether the JWT contains Realm roles (realm_access) or Client roles (resource_access), based on the route configuration.

Realms role Example

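import { Routes } from '@angular/router';
import { AuthGuardSsoRoleService } from '@alfresco/adf-core';

const appRoutes: Routes = [
    // ... other routes
    {
        path: 'examplepath',
        component: ExampleComponent,
        canActivate: [ AuthGuardSsoRoleService ],
        // Realm roles, checked against realm_access in the JWT
        data: { roles: ['USER_ROLE1', 'USER_ROLE2']}
    },
    // ... other routes
]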

If the user now clicks on a link or button that follows this route, they will not be able to access this content if they do not have the Realm roles.

Client role Example

const appRoutes: Routes = [
    // ... other routes
    {
        path: ':examplepath',
        component: ExampleComponent,
        canActivate: [ AuthGuardSsoRoleService ],
        // Client roles, checked against resource_access in the JWT
        data: { clientRoles: ['examplepath'], roles: ['ACTIVITI_USER']},
    },
    // ... other routes
]

If the user now clicks on a link or button that follows this route, they will not be able to access this content if they do not have the Client roles.

Redirect over forbidden

If you want to redirect the user to a page after a forbidden access, you can use the redirectUrl as in the example below:

const appRoutes: Routes = [
    // ... other routes
    {
        path: 'examplepath',
        component: ExampleComponent,
        canActivate: [ AuthGuardSsoRoleService ],
        // redirectUrl is where the user is sent when access is forbidden
        data: { roles: ['ACTIVITI_USER'], redirectUrl: '/error/403'}
    },
    // ... other routes
]

Note: you can use this guard in combination with the other ADF auth guards.
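The decision described in the sections above (realm roles, client roles, redirect on forbidden), written out as a stand-alone function. This is an added example, not ADF source code: decodeClaims, hasAny, checkRoute and makeToken are hypothetical names, and it assumes that any one listed role is enough and that each clientRoles entry is a key under resource_access.

```typescript
// Added illustration, not ADF source. All names below are hypothetical.
interface RoleClaims {
    realm_access?: { roles?: string[] };
    resource_access?: { [client: string]: { roles?: string[] } };
}
interface RouteData { roles?: string[]; clientRoles?: string[]; redirectUrl?: string; }

// Decode the payload segment of a JWT. The signature is NOT verified here.
function decodeClaims(jwt: string): RoleClaims | null {
    const parts = jwt.split('.');
    if (parts.length !== 3) { return null; }
    try {
        const json = atob(parts[1].replace(/-/g, '+').replace(/_/g, '/'));
        const parsed = JSON.parse(json);
        return parsed !== null && typeof parsed === 'object' ? parsed : null;
    } catch (e) {
        return null; // malformed base64 or JSON: treated as "no roles"
    }
}

function hasAny(granted: string[] | undefined, wanted: string[]): boolean {
    const have: string[] = Array.isArray(granted) ? granted : [];
    return wanted.some(r => have.indexOf(r) !== -1);
}

// Assumptions: one matching role suffices, and each clientRoles entry is a
// key under resource_access that must carry such a role.
function checkRoute(jwt: string, data: RouteData): { allowed: boolean; redirectTo?: string } {
    const claims = decodeClaims(jwt);
    const roles = data.roles ?? [];
    let allowed = false; // deny by default: bad token, no roles configured, missing claim
    if (claims && roles.length > 0) {
        allowed = data.clientRoles
            ? data.clientRoles.every(c => hasAny(claims.resource_access?.[c]?.roles, roles))
            : hasAny(claims.realm_access?.roles, roles);
    }
    return allowed ? { allowed } : { allowed, redirectTo: data.redirectUrl };
}

// Constructed, unsigned sample token for the demonstration (ASCII claims only).
function makeToken(claims: RoleClaims): string {
    const enc = (s: string) => btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    return [enc('{"alg":"RS256","typ":"JWT"}'), enc(JSON.stringify(claims)), 'constructed-sig'].join('.');
}
```

A check like this runs in the browser on a token whose signature it does not verify, so it only controls navigation. The backend services must still validate the token and enforce the same roles.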

See also