Reputation: 143
Spring Security with Backbone URLs
I have a single page application and i want to use spring security. In spring-security.xml file, i must give a url to prevent a user.
For example:
<security:intercept-url pattern="/#cities" access="isAuthenticated"/>
After this configuration when i try to enter without authentication
"localhost:8082/project_name/#cities"
It isn't preventing me. I can access the page.
I think, it happens because of that the URL is not real URL. There is only one page. (index.html)
How can i solve this problem? I am sorry about my bad english. Thank You!
Upvotes: 0
Views: 265
Answers (1)
Reputation: 14642
You cannot secure Routes on the back end, as nothing after the # sign in a URL is ever sent up to the server. You can secure PAGES and ajax endpoints, but you can't secure Routes (the thing after the hash #).
In your sample url there, you can only secure the /project_name part of the URL. If you don't want people to access the /project_name/#cities, then you'll need to make that a different page.
If you want to secure the #cities views, you'll need to either stop that module from rendering to the client (make sure the .js file that contains the #cities code doesn't get sent down), or you could make it so the #cities views have to retrieve data and secure the ajax endpoints instead.
Upvotes: 1
Related Questions
- URL parameter mapping on router
- backbone securityissues
- Spring Security /j_spring_security_check without JSP
- Spring Security with # in URL Pattern
- Spring Security in single page app
- loading backbone.js resources based on authentication
- Backbone.js Security
- backbone.js https
- Backbone.js REST URL with ASP.NET MVC 3
- Backbone.js URL Routing