shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Manico <jim.man...@owasp.org>
Subject Re: Angular 2 with Shiro
Date Wed, 21 Dec 2016 00:22:56 GMT
Doing server-side angular mixed with untrusted data completely destroys
Angular's security model and is HIGHLY discouraged. Angular is meant for
client-side rendering, only.

Aloha, Jim


On 12/19/16 8:21 AM, Brian Demers wrote:
> Shiro's tag libraries are used for rendering pages server side. Angular is
> _typically_ used for client side rendering.  You could of course do some
> sort of hybrid approach.
>
> That said the more common use pattern for this is probably using Shiro to
> protect your application / REST endpoints and use Angular as your display
> technology.  You could also create an endpoint that exposes your
> permissions/roles and use something like this project:
> https://github.com/maybenull/angular-authz
>
> On Fri, Dec 16, 2016 at 9:57 PM, sasidhar.g@ramyamlab.com <
> sasidhar.g@ramyamlab.com> wrote:
>
>> Thanks for the reply. Wanted to know if we can use Shiro tag lib in Angular
>> 2 for authorization of buttons based on user roles. Or any other way to do
>> so.
>>
>> Thanks,
>> Sasidhar
>>
>> On Sat, Dec 17, 2016 at 12:50 AM, Brian Demers [via Shiro Developer] <
>> ml-node+s582600n7579638h18@n2.nabble.com> wrote:
>>
>>> Shiro is only protecting the backend resources, so it should not be an
>>> issue.
>>>
>>> That said, I know there are a few integrations that help tie the two
>>> together, and those integrations may or may not have been updated for
>>> Angular 2.
>>>
>>> Can you give us a little more background as to what you are doing or
>>> looking for?
>>>
>>>
>>> On Fri, Dec 16, 2016 at 1:38 AM, [hidden email]
>>> <http:///user/SendEmail.jtp?type=node&node=7579638&i=0> <
>>> [hidden email] <http:///user/SendEmail.jtp?type=node&node=7579638&i=1>>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> Is it possible to use, Angular 2 with Shiro ? I have got to see only
>>>> Angular
>>>> 1 with shiro. Please suggest if there is any possibility.
>>>>
>>>> Thanks,
>>>> Sasidhar
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context: http://shiro-developer.582600.
>>>> n2.nabble.com/Angular-2-with-Shiro-tp7579637.html
>>>> Sent from the Shiro Developer mailing list archive at Nabble.com.
>>>>
>>>
>>> ------------------------------
>>> If you reply to this email, your message will be added to the discussion
>>> below:
>>> http://shiro-developer.582600.n2.nabble.com/Angular-2-with-
>>> Shiro-tp7579637p7579638.html
>>> To unsubscribe from Angular 2 with Shiro, click here
>>> <http://shiro-developer.582600.n2.nabble.com/template/
>> NamlServlet.jtp?macro=unsubscribe_by_code&node=7579637&code=
>> c2FzaWRoYXIuZ0ByYW15YW1sYWIuY29tfDc1Nzk2Mzd8LTE1MDMwMzYzOTk=>
>>> .
>>> NAML
>>> <http://shiro-developer.582600.n2.nabble.com/template/
>> NamlServlet.jtp?macro=macro_viewer&id=instant_html%
>> 21nabble%3Aemail.naml&base=nabble.naml.namespaces.
>> BasicNamespace-nabble.view.web.template.NabbleNamespace-
>> nabble.naml.namespaces.BasicNamespace-nabble.view.
>> web.template.NabbleNamespace-nabble.naml.namespaces.
>> BasicNamespace-nabble.view.web.template.NabbleNamespace-
>> nabble.naml.namespaces.BasicNamespace-nabble.view.
>> web.template.NabbleNamespace-nabble.naml.namespaces.
>> BasicNamespace-nabble.view.web.template.NabbleNamespace-
>> nabble.view.web.template.NodeNamespace&breadcrumbs=
>> notify_subscribers%21nabble%3Aemail.naml-instant_emails%
>> 21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>>
>> --
>> Regards,
>> Sasidhar G
>>
>>
>>
>>
>> --
>> View this message in context: http://shiro-developer.582600.
>> n2.nabble.com/Angular-2-with-Shiro-tp7579637p7579639.html
>> Sent from the Shiro Developer mailing list archive at Nabble.com.
>>


Mime
View raw message