ЛР6(Vue) еще чуть-чуть безопасности

This commit is contained in:
ityurner02@mail.ru 2023-06-11 21:28:10 +04:00
parent 24190594f1
commit cf09538c11
3 changed files with 36 additions and 1 deletions

View File

@ -5,7 +5,39 @@
components: { components: {
Header, Header,
Footer Footer
},
data() {
return {
tokenFromServer: undefined,
userFromServer: undefined,
securityError: false,
} }
},
created() {
const self = this
window.addEventListener('storage', function(e){
console.log(e)
if(e.key === "token")
if(this.tokenFromServer !== e.newValue) {
self.storageSecurity()
}
if(e.key === "user")
if(this.userFromServer !== e.newValue) {
self.storageSecurity()
}
})
},
methods: {
storageSecurity(){
localStorage.clear()
this.$router.push("/login")
this.securityError = true
},
saveServerData(data){
this.tokenFromServer = data.token
this.userFromServer = data.user
},
},
} }
</script> </script>

Binary file not shown.

View File

@ -2,7 +2,9 @@ package ru.ulstu.is.lab1.DataBase.controller;
import ru.ulstu.is.lab1.DataBase.configuration.OpenAPI30Configuration; import ru.ulstu.is.lab1.DataBase.configuration.OpenAPI30Configuration;
import ru.ulstu.is.lab1.DataBase.model.User; import ru.ulstu.is.lab1.DataBase.model.User;
import ru.ulstu.is.lab1.DataBase.model.UserRole;
import ru.ulstu.is.lab1.DataBase.service.UserService; import ru.ulstu.is.lab1.DataBase.service.UserService;
import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
@ -19,6 +21,7 @@ public class UserController {
this.userService = userService; this.userService = userService;
} }
@GetMapping(OpenAPI30Configuration.API_PREFIX + "/user") @GetMapping(OpenAPI30Configuration.API_PREFIX + "/user")
@Secured({UserRole.AsString.ADMIN})
public List<User> getUsers() { public List<User> getUsers() {
return userService.findAllUsers(); return userService.findAllUsers();
} }