emberjs手柄401未授权 [英] emberjs handle 401 not authorized
问题描述
我正在构建一个ember.js应用程序,并挂断身份验证。 json休息后端是rails。每个请求都使用会话cookie进行身份验证(监护人)。
当用户首次导航到应用程序时,根目录下的rails将重定向到登录页面。会话被授权后,将加载ember.js应用程序。一旦加载,ember.js应用程序使用ember-data RESTadapter和会话进行授权请求到后端。
问题是会话将在预定时间后过期。很多时候,发生这种情况,ember.js应用仍然被加载。所以对后端的所有请求都会返回一个401 {not autorized}响应。
为了解决这个问题,我想ember.js应用程序需要在每次从服务器返回401(未自动化)的响应时通知用户登录模式。有没有人知道如何收听401(不自动)的响应,并允许用户重新登录,而不会丢失任何更改或状态。
我已经看到其他方法,如令牌授权,但我关心的安全性影响。
任何人都有解决这个问题的解决方案?
AFAIK这不是由当前实现的ember数据来解决的,并且ember-data README声明处理错误状态位于路线图。
暂时可以实现自己的错误处理适配器。看看 DS的实施.RestAdapter 。通过使用它作为启动器,在其中添加错误处理不应该太困难(例如,简单地将错误函数添加到传递给jQuery.ajax调用的数据散列)。
I am building an ember.js application and am hung up on authentication. The json rest backend is rails. Every request is authenticated using a session cookie (warden).
When a user first navigates to the application root rails redirects to a login page. Once the session is authorized the ember.js app is loaded. Once loaded the ember.js app makes requests to the backend using ember-data RESTadapter and the session for authorization.
The problem is the session will expire after a predetermined amount of time. Many times when this happens the ember.js app is still loaded. So all requests to the backend return a 401 {not autorized} response.
To fix this problem I am thinking the ember.js app needs to notify the user with a login modal every time a 401 {not autorized} response is returned from the server.
Does anyone know how to listen for a 401 {not autorized} response and allow the user to re-login without losing any changes or state.
I have seen other approaches such as token authorization but I am concerned with the security implications.
Anybody have a working solution to this problem?
AFAIK this is not addressed by the current implementation of ember-data and the ember-data README states that "Handle error states" is on the Roadmap.
For the time being, you can implement your own error handling adapter. Take a look at the implementation of the DS.RestAdapter . By using that as a starter, it should not be too difficult to add error handling in there (e.g simply add an error function to the the data hash that is passed to the jQuery.ajax call).
这篇关于emberjs手柄401未授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
