I am developing single-pages with Javascript + AngularJS on the client side and the Spring MVC + Spring Security Oath 2 on the server Party The Spring MVC acts as a RES controller for any AJAX request from the page.
For authorization, the script sends an "authorization: carrier ..." header with each AJX request. It works fine when requesting small amounts of data. To download XML files (export user data) I download them via AAgx, using OAuth 2 header and saving the file in the browser. Creating:
var blob = new blob ([data. Data], {'type': "text / xml"}); Var a = document.createElement ("a"); A.href = window.URL.createObjectURL (blob); A.download = "download-file-" + new date (). ToISOString () + ".xml"; A.click (); This approach works but
- uses RAM and is therefore inappropriate for large file downloads
- Proper progress / Loading does not show the bar
So, the question is: Is there a better way of downloading files with OAuth 2 authentication? JavaScript does not allow specifying the header when redirecting, and does not allow authorization token through the OAuth URL parameter. I either use
- header-from-URL encoded token,
- Instead of OAuth2, cookie-half instead of OAuth2, I'm thinking of adding a special spring MVC controller method to provide a URL that redirects the encoded HTTP request. Damage to the authorization
If anyone can do if there are similar problems, share please your approach to this problem?
Spring-protection- This is very easy in oauth2 2.0. 7.RELEASE:
Just pass the entry token as the access_token request parameter:
window.open ("service / export? Access_token = "+ AccessToken"); Now, this access token will appear in plain text in the download history, so a "logout" option should be applied properly for proper security, or download a "form Post".
No comments:
Post a Comment