spring boot - angular springboot login JWT - Stack Overflow

After login, I stored token and userRole in localStorage... I tried to inject a random token (without login) in localStorage via navigator and then, I can get access to the restricted page...

I want to prevent this security issue... I thought about a database where to store my token directly after the login and then compare it with the one that exists in localStorage.

    isAuthenticated(): boolean {
      // Returns true for any non-empty value stored under 'token'
      const token = localStorage.getItem('token');
      return !!token;
    }

asked Jan 29 at 11:36 by user29415755; edited Jan 31 at 9:40 by Luca
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Bot Commented Jan 29 at 15:52

1 Answer

A token is used to restrict access to the calls to the Spring back-end. All your code is doing is returning true for any token. There is no call to the back-end.

The correct configuration of Spring Security is required in the back-end - it may already be set up. Spring Security will validate the token and check roles before permitting the call to start.

Also, you need to add the Authorization Bearer header to each call to the back-end.
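
Why a random token satisfies `isAuthenticated()` but is rejected by a back-end that verifies it, as an added example that is not part of the original question or answer. Plain Node.js TypeScript stands in for the check Spring Security performs; `SECRET`, `issueToken`, `clientIsAuthenticated`, `serverAuthorize` and the claim names are assumptions for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed demo key (assumption); a real back-end loads its key from protected config.
const SECRET = "constructed-demo-key-not-for-production";
const enc = (obj: object): string => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data: string): Buffer => createHmac("sha256", SECRET).update(data).digest();

// Login endpoint stand-in: only the server, which holds SECRET, can produce this signature.
function issueToken(claims: { sub: string; role: string; exp: number }): string {
  const signingInput = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${signingInput}.${sign(signingInput).toString("base64url")}`;
}

// The question's client-side check: true for any non-empty string in localStorage.
function clientIsAuthenticated(token: string | null): boolean {
  return !!token;
}

// Back-end stand-in, run on every request: returns the HTTP status the API would send.
function serverAuthorize(authHeader: string | undefined, requiredRole: string, nowSec: number): number {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader ?? "");
  if (!m) return 401; // missing header or not a three-part token
  const [, head, body, sig] = m;
  // Always verify with HMAC-SHA256; the token's own "alg" field is never trusted.
  const expected = sign(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 401;
  let claims: { role?: unknown; exp?: unknown };
  try {
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8")) ?? {};
  } catch {
    return 401;
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return 401; // expired
  // The role comes from the signed claims, not from a userRole value the browser stores.
  return claims.role === requiredRole ? 200 : 403;
}
```

The client-side guard only decides which view Angular renders; the protected data stays protected because every API call carrying the token is checked this way on the server.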

Posted by: admin. Please credit the source when reposting: http://www.yc00.com/questions/1745301301a4621451.html
