Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BB0AF200BEF for ; Wed, 21 Dec 2016 01:23:13 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id B9A98160B33; Wed, 21 Dec 2016 00:23:13 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DB0BC160B29 for ; Wed, 21 Dec 2016 01:23:12 +0100 (CET) Received: (qmail 22364 invoked by uid 500); 21 Dec 2016 00:23:12 -0000 Mailing-List: contact dev-help@shiro.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@shiro.apache.org Delivered-To: mailing list dev@shiro.apache.org Received: (qmail 22346 invoked by uid 99); 21 Dec 2016 00:23:11 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Dec 2016 00:23:11 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 4AD9DC00A6 for ; Wed, 21 Dec 2016 00:23:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.792 X-Spam-Level: * X-Spam-Status: No, score=1.792 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URI_HEX=1.313] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=owasp-org.20150623.gappssmtp.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id TU7by5re7ZcZ for ; Wed, 21 Dec 2016 00:23:09 +0000 (UTC) Received: from mail-pg0-f54.google.com (mail-pg0-f54.google.com [74.125.83.54]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 5DDA45F1BA for ; Wed, 21 Dec 2016 00:23:09 +0000 (UTC) Received: by mail-pg0-f54.google.com with SMTP id f188so78376431pgc.3 for ; Tue, 20 Dec 2016 16:23:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=owasp-org.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=fibt91tLBf4fL72Ls2PTVTK4TILdXSX9Phrrt8x4bQY=; b=AziPfIuv2ML9uGgcLJkB7FE5ufSTeyYBpaPHhdP4CgSQF7ivGgumlMU1dYVVNUK5pb iqyeBee/D9JBRkcKWcDu5XKEA1NxCQQqqmM8mcXzPOrxTYReRTX48zAM0yZtwRrRptWF dSzp/MruJuaHBJ3C77O6O8Amy3YFc28gX022S5fsnvSJhN3LbCeJ6GLN9sUIe0tWTH6O h+JF/W/JDIMLKvRNpaMdW0zw44vUZN/ZTQN8nxD8iq5qzJqOnlaRLz3Z2FsTnFs7lcUR VnqNQqprAxAeyup1Ksw0M/og7v2f2tNjTmgKJ8dXXwFBi9vBy+eWo98Y0IZF7e6XTgWO jVaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=fibt91tLBf4fL72Ls2PTVTK4TILdXSX9Phrrt8x4bQY=; b=PXxFRkw1s88r28DYpMF7v7u/e9VcDNndkg9nrg1xlcTn+9FnjPcV0z2mIgqO6TC1sY 7JQclzx0w+gpHvQJVlOCwP1DzyfnYBPP7dYumz1a7RAmQR8E1Gllt9bgslD+9IhM44SG lBVzYcb/Ie7+sHgbRbYorbmtkPzDnf52FeL2aTJnvuNECjnORiJUoodUCdUhSdVEYyAq A9wKUren0c8nsWo0mm7qoZsB3rwU0fzU2hlbUP0SAam6dIxO9yV7zjshCSSc3Xs6dW5T M+LSqDDIqxpkaBB4IsYteKDcNaqgCvPS1Zc6iRX1ooEGMcRLOiE2NhoPCfaeQb++mHOz GE5A== X-Gm-Message-State: AIkVDXJ1uOnvJ/Ys9itMoJH4/yWVQoyd368V5p4K9GfrCBPxOOr/h/NsvGfuhe4xFJIuVaPi X-Received: by 10.98.10.3 with SMTP id s3mr1679521pfi.78.1482279780892; Tue, 20 Dec 2016 16:23:00 -0800 (PST) Received: from heembo.local ([209.136.236.94]) by smtp.gmail.com with ESMTPSA id a24sm41670754pfh.57.2016.12.20.16.22.58 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Dec 2016 16:23:00 -0800 (PST) Subject: Re: Angular 2 with Shiro To: dev@shiro.apache.org References: <1481881138078-7579637.post@n2.nabble.com> From: Jim Manico Message-ID: Date: Tue, 20 Dec 2016 16:22:56 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit archived-at: Wed, 21 Dec 2016 00:23:13 -0000 Doing server-side angular mixed with untrusted data completely destroys Angular's security model and is HIGHLY discouraged. Angular is meant for client-side rendering, only. Aloha, Jim On 12/19/16 8:21 AM, Brian Demers wrote: > Shiro's tag libraries are used for rendering pages server side. Angular is > _typically_ used for client side rendering. You could of course do some > sort of hybrid approach. > > That said the more common use pattern for this is probably using Shiro to > protect your application / REST endpoints and use Angular as your display > technology. You could also create an endpoint that exposes your > permissions/roles and use something like this project: > https://github.com/maybenull/angular-authz > > On Fri, Dec 16, 2016 at 9:57 PM, sasidhar.g@ramyamlab.com < > sasidhar.g@ramyamlab.com> wrote: > >> Thanks for the reply. Wanted to know if we can use Shiro tag lib in Angular >> 2 for authorization of buttons based on user roles. Or any other way to do >> so. >> >> Thanks, >> Sasidhar >> >> On Sat, Dec 17, 2016 at 12:50 AM, Brian Demers [via Shiro Developer] < >> ml-node+s582600n7579638h18@n2.nabble.com> wrote: >> >>> Shiro is only protecting the backend resources, so it should not be an >>> issue. >>> >>> That said, I know there are a few integrations that help tie the two >>> together, and those integrations may or may not have been updated for >>> Angular 2. >>> >>> Can you give us a little more background as to what you are doing or >>> looking for? >>> >>> >>> On Fri, Dec 16, 2016 at 1:38 AM, [hidden email] >>> < >>> [hidden email] > >>> wrote: >>> >>>> Hello, >>>> >>>> Is it possible to use, Angular 2 with Shiro ? I have got to see only >>>> Angular >>>> 1 with shiro. Please suggest if there is any possibility. >>>> >>>> Thanks, >>>> Sasidhar >>>> >>>> >>>> >>>> -- >>>> View this message in context: http://shiro-developer.582600. >>>> n2.nabble.com/Angular-2-with-Shiro-tp7579637.html >>>> Sent from the Shiro Developer mailing list archive at Nabble.com. >>>> >>> >>> ------------------------------ >>> If you reply to this email, your message will be added to the discussion >>> below: >>> http://shiro-developer.582600.n2.nabble.com/Angular-2-with- >>> Shiro-tp7579637p7579638.html >>> To unsubscribe from Angular 2 with Shiro, click here >>> > NamlServlet.jtp?macro=unsubscribe_by_code&node=7579637&code= >> c2FzaWRoYXIuZ0ByYW15YW1sYWIuY29tfDc1Nzk2Mzd8LTE1MDMwMzYzOTk=> >>> . >>> NAML >>> > NamlServlet.jtp?macro=macro_viewer&id=instant_html% >> 21nabble%3Aemail.naml&base=nabble.naml.namespaces. >> BasicNamespace-nabble.view.web.template.NabbleNamespace- >> nabble.naml.namespaces.BasicNamespace-nabble.view. >> web.template.NabbleNamespace-nabble.naml.namespaces. >> BasicNamespace-nabble.view.web.template.NabbleNamespace- >> nabble.naml.namespaces.BasicNamespace-nabble.view. >> web.template.NabbleNamespace-nabble.naml.namespaces. >> BasicNamespace-nabble.view.web.template.NabbleNamespace- >> nabble.view.web.template.NodeNamespace&breadcrumbs= >> notify_subscribers%21nabble%3Aemail.naml-instant_emails% >> 21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> >> >> >> -- >> Regards, >> Sasidhar G >> >> >> >> >> -- >> View this message in context: http://shiro-developer.582600. >> n2.nabble.com/Angular-2-with-Shiro-tp7579637p7579639.html >> Sent from the Shiro Developer mailing list archive at Nabble.com. >>