The assets for login page only are allowed to be public per our
requirements. So, the root module is all public, but then once they
authenticate, I'm using loadChildren to lazy load the secure module.
Yeah, a cookie would work but we've been told we are not allowed to per
some legal concerns.
Brian
On Wednesday, September 27, 2017 at 12:27:38 PM UTC-5, Lucas Lacroix wrote:
>
> How are users accessing the application in the first place? There is HTML
> and other assets needed in order to get to the point where Angular is
> running and able to import components.
>
> Why not use the typical WebSession (ie. cookie) based authentication
> usually used in this situations?
>
> On Wed, Sep 27, 2017 at 1:25 PM <olp455...@gmail.com <javascript:>> wrote:
>
>> Hi Lucas,
>> Thanks for the response. Yeah, our current requirement is that the
>> source is not considered public, so we'd have to authenticate for
>> retrieval. Removing that requirement would make this simple, but that part
>> is out of my control.
>>
>> Brian
>>
>>
>> On Wednesday, September 27, 2017 at 12:18:38 PM UTC-5, Lucas Lacroix
>> wrote:
>>
>>> It seems odd that you require authorization in order to access publicly
>>> accessible assets. You would run into the same issue using a script tag in
>>> your HTML.
>>>
>>> Can you not remove the header requirement for assets?
>>>
>>> On Wed, Sep 27, 2017, 13:14 <olp455...@gmail.com> wrote:
>>>
>> Thank you very much for sharing Sander. I used this exact technique to
>>>> create my own http extension for applying the Authorization header to all
>>>> http requests made from the application to our backend, and it works
>>>> great.
>>>> However, the problem is that Angular does not use this object (or the core
>>>> http or httpclient) for making the http request to get the lazy loaded
>>>> bundles, it uses System.import, which I would image uses the
>>>> xmlhttprequest
>>>> functions, although I wasn't able to debug it down to that level. So this
>>>> does work for calls made from the application, just not for the internal
>>>> Angular call I need to intervene on.
>>>>
>>>> Thanks,
>>>> Brian
>>>>
>>>>
>>>> On Thursday, September 21, 2017 at 2:54:41 AM UTC-5, Sander Elias wrote:
>>>>>
>>>>> Hi Brian,
>>>>>
>>>>> This sample is based on http, but you can do something similar for
>>>>> httpClient. HttpClient even has the concept of interceptors that might
>>>>> even
>>>>> simplify this.
>>>>> here we go:
>>>>> import { Injectable } from '@angular/core';
>>>>> import { Observable } from 'rxjs/Observable';
>>>>> import {
>>>>> Headers,
>>>>> Http,
>>>>> Response,
>>>>> RequestOptions,
>>>>> Request,
>>>>> BaseRequestOptions,
>>>>> RequestMethod,
>>>>> RequestOptionsArgs,
>>>>>
>>>>> } from '@angular/http';
>>>>>
>>>>>
>>>>> @Injectable()
>>>>> export class Phttp {
>>>>> private token: string;
>>>>>
>>>>> constructor(private http: Http) {
>>>>> }
>>>>>
>>>>> get(url: string, options?: RequestOptionsArgs): Observable<Response> {
>>>>> options = this._myDefaultOptions(options);
>>>>> return this.http.get(url, options)
>>>>>
>>>>> }
>>>>>
>>>>> private _header(OrgHeaders) {
>>>>> if ((!this.token) ) {
>>>>> this.token = getMyTokenFromSomewhere();
>>>>> }
>>>>> if (!this.token) {
>>>>> throw Error('no token found for pHttp')
>>>>> }
>>>>> return new Headers({
>>>>> authorization: this.token,
>>>>> ...OrgHeaders
>>>>> })
>>>>> }
>>>>>
>>>>> private _myDefaultOptions(options?: RequestOptionsArgs) {
>>>>> if (!options) {
>>>>> options = new RequestOptions();
>>>>> }
>>>>> options.headers = this._header(options.headers)
>>>>> return options;
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> post(url: string, body: any, options?: RequestOptionsArgs):
>>>>> Observable<Response> {
>>>>> options = this._myDefaultOptions(options);
>>>>> return this.http.post(url, body, options)
>>>>>
>>>>> }
>>>>> put(url: string, body: any, options?: RequestOptionsArgs):
>>>>> Observable<Response> {
>>>>> options = this._myDefaultOptions(options);
>>>>> return this.http.put(url, body , options)
>>>>>
>>>>> }
>>>>> delete(url: string, options?: RequestOptionsArgs):
>>>>> Observable<Response> {
>>>>> options = this._myDefaultOptions(options);
>>>>> return this.http.delete(url, options)
>>>>>
>>>>> }
>>>>> }
>>>>>
>>>>> Hope this is of some use to you.
>>>>>
>>>>> Regards
>>>>> Sander
>>>>>
>>>>>
>>>>>
>>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Angular and AngularJS discussion" group.
>>>>
>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to angular+u...@googlegroups.com.
>>>> To post to this group, send email to ang...@googlegroups.com.
>>>
>>>
>>>> Visit this group at https://groups.google.com/group/angular.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>> --
>>> Lucas Lacroix
>>> Computer Scientist
>>> Advanced Technology Division, MEDITECH <http://ehr.meditech.com/>
>>> 781-774-2293
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Angular and AngularJS discussion" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to angular+u...@googlegroups.com <javascript:>.
>> To post to this group, send email to ang...@googlegroups.com
>> <javascript:>.
>> Visit this group at https://groups.google.com/group/angular.
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> Lucas Lacroix
> Computer Scientist
> Advanced Technology Division, MEDITECH <http://ehr.meditech.com/>
> 781-774-2293
>
--
You received this message because you are subscribed to the Google Groups
"Angular and AngularJS discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to angular+unsubscr...@googlegroups.com.
To post to this group, send email to angular@googlegroups.com.
Visit this group at https://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.
