[英]Android, login using Rest API
I have an android app with a login that sends login information over https to a java rest api that verifies the login credentials and then sends back a response stating whether the login was successful. 我有一个带有登录的Android应用程序,通过https将登录信息发送到验证登录凭据的java rest api,然后发回一个响应,说明登录是否成功。 My question is simple, what should I do to make sure the user doesn't have to login in again when they restart the app? 我的问题很简单,我该怎么做才能确保用户在重启应用程序时不必再次登录?
There are many ways to deal with one time login, it depends a lot on how the architecture is implemented on server side to make it work. 有很多方法可以处理一次性登录,这很大程度上取决于如何在服务器端实现体系结构以使其工作。 Usually Login API are closely coupled
for security reason. 由于安全原因,通常Login API closely coupled
。 let me example what I mean by closely coupled
. 让我举例说明我的意思是closely coupled
。
As you want to Login
in to Mobile App
work once and the next time user opens the Mobile app
you don't want to prompt user with SignIn
screen again. 当您想要Login
Mobile App
工作一次,并且下次用户打开Mobile app
您不希望再次提示用户使用SignIn
屏幕。 and surely you don't want to save the confidential information like Username
and Password
on Mobile app as persistent data, as it can be fetched easily from android device. 当然,您不希望将移动应用上的Username
和Password
等机密信息Username
为持久数据,因为它可以从Android设备轻松获取。 so what you do. 那你干什么。
Lets assume you pass login credentials with a deviceID
unique to the Android Device
. 让我们假设您传递了具有Android Device
唯一的deviceID
登录凭据。 Something like shown below. 如下所示的东西。 following is the JSON
data sent to the LoginAPI
以下是发送到LoginAPI
的JSON
数据
{
"username": "example@example.com",
"password": "it's not a secret",
"deviceId": "123456789"
}
Now as you don't want to save the Login
credentials, server will generate a random alpha numeric String
pass it to you in response every time you login to the Mobile App. 现在,由于您不想保存Login
凭据,服务器将生成随机字母数字String
,每次您登录移动应用程序时都会将其传递给您。
{
"Success": true,
"SuccessMessage": "credentials are correct, really!",
"ErrorMessage": null,
"Date": "dd/mm/yyyy",
"token": "1eghe4qha23aehraeh456789" // now this is a nasty String
}
you may now save the date
and the token
in Mobile App as persistent data. 您现在可以将date
和token
作为持久数据保存在Mobile App中。 So next time your user opens the app you may let user bypass the SignIn
screen, and in background you can check if users token id is correct by sending that to the server, something like this. 因此,下次用户打开应用程序时,您可以让用户绕过SignIn
屏幕,在后台,您可以通过将用户令牌ID发送到服务器来检查用户令牌ID是否正确,如下所示。 you may choose SharedPreferences or create a file and save it there 您可以选择SharedPreferences或创建文件并将其保存在那里
{
"API_TYPE": "login",
"deviceId": "123456789",
"token": "1eghe4qha23aehraeh456789"
}
Server may check this token id against the deviceID
to check if this was the correct token for the device and respond. 服务器可以针对deviceID
检查此令牌ID,以检查这是否是设备的正确令牌并进行响应。
You may ask why are we checking the token
again as this was sent by the server in first place stating the credentials were correct. 您可能会问我们为什么要再次检查token
,因为这是服务器首先发出的,表明凭据是正确的。 I agree you do have a point, lets say it is a fail safe condition, if the user changes the password from the website or something which causes to change the token on server for that user to change, if the server denies the token provided by you just ask the user to login again. 我同意你有一个观点,假设它是一个故障安全条件,如果用户从网站更改密码或导致更改服务器上的令牌以供该用户更改的东西,如果服务器拒绝提供的令牌你只是要求用户再次登录。
This will make sure that a user is logged in to only one Android Device
at any given point of time. 这将确保用户在任何给定的时间点仅登录到一个Android Device
。
You can store the credentials after the first login. 您可以在首次登录后存储凭据。 So when the user restart app, you can automatically make the request auth. 因此,当用户重新启动应用程序时,您可以自动生成请求身份验证。
You can chose the best option to storage the credentials using the doc: Data-Storage 您可以使用doc: Data-Storage选择存储凭据的最佳选项
This is simple, but maybe not the best way to do this. 这很简单,但也许不是最好的方法。
I have the same problme,and I got a Json data from the server like this 我有同样的问题,我从服务器获得了这样的Json数据
{"error":0,"message":"ok","token":"7c75015e92e40511911e34752ee456e1","execute_time":"0.2723"}
so I keep the StuToken
in SharedPreferences,and when my app start,check the StuToken
does it exist,like this 所以我将StuToken
保留在SharedPreferences中,当我的应用程序启动时,检查StuToken
它是否存在,就像这样
Map<String, String> loginInfo = InfoUtil.getLoginInfo(MainActivity.this);
if (loginInfo != null) {
if (loginInfo.get("StuToken") != null) {
getStuInfo(loginInfo.get("StuToken"));
Toast.makeText(MainActivity.this, "登录状态", Toast.LENGTH_SHORT).show();
} else {
initIntent(LoginActivity.class);
this.finish();
}
} else {
initIntent(LoginActivity.class);
this.finish();
}
}
hope that will works for you 希望这对你有用
Try out this code in your SplashScreen Activity.You can store a value in a sharedPrefence to check whether user is Logged in or not. 在SplashScreen Activity中试用此代码。您可以在sharedPrefence中存储一个值,以检查用户是否已登录。
public class SplashActivity extends AppCompatActivity {
private static final long TIME_OUT_MILI = 3000;
private SharedPreferences mAppPreferences;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_splash);
mAppPreferences = AppUtil.getAppPreferences(this);
new Handler().postDelayed(new Runnable() {
@Override
public void run() {
if (mAppPreferences.getBoolean("is_Logged_in", false)) {
startActivity(new Intent(SplashActivity.this, MainActivity.class));
} else {
startActivity(new Intent(SplashActivity.this, LoginActivity.class));
}
finish();
}
}, TIME_OUT_MILI);
}
}
In Your LoginActivity's do this: 在您的LoginActivity中执行此操作:
public class LoginActivity extends AppCompatActivity {
private SharedPreferences mAppPreferences;
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
SharedPreferences.Editor editor = mAppPreferences.edit();
editor.putBoolean(Constants.SETTINGS_IS_LOGGED_IN, true);
editor.commit();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.