[英]Android and REST service call - code review
I have asked a similar question but the answer did not help me. 我曾问过类似的问题,但答案并没有帮助我。 I am trying to call a rest service from my android app.
我正在尝试从我的Android应用程序调用休息服务。 The rest service looks like this:
其余服务如下所示:
@RestController
@RequestMapping("/login")
public class LoginController {
@ResponseBody
@RequestMapping(value = "/user", method = RequestMethod.GET)
public boolean getUser(@RequestParam(value = "name", required = true) String userName, @RequestParam(value = "password", required = true) String password) {
if (userName.equals("MMM") && password.equals("mmm")) {
return true;
} else {
return false;
}
}
}
I start my REST service and I try to call it from my android app like this: 我启动我的REST服务,然后尝试从我的android应用中调用它,如下所示:
public void invokeWS(RequestParams params){
AsyncHttpClient client = new AsyncHttpClient();
client.setConnectTimeout(7000);
client.get("https://ipaddress:8080/login/user/",params ,new AsyncHttpResponseHandler() {
@Override
public void onSuccess(int statusCode, Header[] headers, byte[] responseBody) {
// Hide Progress Dialog
prgDialog.hide();
try {
JSONObject obj = new JSONObject(responseBody.toString());
if(obj.getBoolean("status")){
Toast.makeText(getApplicationContext(), "You are successfully logged in!", Toast.LENGTH_LONG).show();
// Navigate to Home screen
navigatetoHomeActivity();
}
// Else display error message
else{
errorMsg.setText(obj.getString("error_msg"));
Toast.makeText(getApplicationContext(), obj.getString("error_msg"), Toast.LENGTH_LONG).show();
}
} catch (JSONException e) {
// TODO Auto-generated catch block
Toast.makeText(getApplicationContext(), "Error Occured [Server's JSON response might be invalid]!", Toast.LENGTH_LONG).show();
e.printStackTrace();
}
}
@Override
public void onFailure(int statusCode, Header[] headers, byte[] responseBody, Throwable error) {
prgDialog.hide();
if(statusCode == 404){
Toast.makeText(getApplicationContext(), "Requested resource not found", Toast.LENGTH_LONG).show();
}
else if(statusCode == 500){
Toast.makeText(getApplicationContext(), "Something went wrong at server end", Toast.LENGTH_LONG).show();
}
// When Http response code other than 404, 500
else{
Toast.makeText(getApplicationContext(), statusCode + "Unexpected Error occcured! [Most common Error: Device might not be connected to Internet or remote server is not up and running]", Toast.LENGTH_LONG).show();
// Toast.makeText(getApplicationContext(), "Unexpected Error occcured! [Most common Error: Device might not be connected to Internet or remote server is not up and running]", Toast.LENGTH_LONG).show();
}
}
});
}
The status code that I receive is 0. When I use an API to test the REST service it is OK. 我收到的状态代码为0。当我使用API测试REST服务时,就可以了。 I do not get any errors.
我没有任何错误。 I am on the same network and the firewall is turned off.
我在同一网络上,并且防火墙已关闭。
To understand what is going wrong you need to investigate in your "error" object in onFailure method 要了解出了什么问题,您需要在onFailure方法中调查“错误”对象
@Override
public void onFailure(int statusCode, Header[] headers, byte[] responseBody, Throwable error) {
Log.i("ws", "---->>onFailure : " + error);
}
});
SUGGESTIONS: 几点建议:
1) Do not send password in GET! 1)不要在GET中发送密码!
The password must not be part of the url, please use POST and send the password in the request body 密码不能是网址的一部分,请使用POST并在请求正文中发送密码
2) Your android code looks good, but it exist a native framework to call REST services called "VOLLEY" Volley offers the following benefits: 2)您的android代码看起来不错,但是它存在一个本机框架来调用称为“ VOLLEY”的REST服务。Volley具有以下优点:
the code is not more complex than yours... 代码并不比您的复杂...
EXAMPLE: 例:
String url = "http://my-json-feed";
JsonObjectRequest jsonObjectRequest = new JsonObjectRequest
(Request.Method.GET, url, null, new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
mTextView.setText("Response: " + response.toString());
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
// TODO: Handle error
}
});
https://developer.android.com/training/volley/ https://developer.android.com/training/volley/
I can see you are doing a couple of "bad practices" here. 我可以看到您在这里做了一些“坏习惯”。
Problem 1 问题1
I can see your Spring Controller is wanting a Username and Password as URL parameters. 我可以看到您的Spring Controller想要使用用户名和密码作为URL参数。 This is a no.
这不是 A server may log URL/endpoint requests which will now contain your credentials in plain text.
服务器可能会记录URL /端点请求,该请求现在将以纯文本形式包含您的凭据。
Fix option 修复选项
Problem 2 问题2
Not using the framework as intended 没有按预期使用框架
I'd suggest using Spring Security. 我建议使用Spring Security。 It will make your stuff a lot more secure and worth doing in the long run.
从长远来看,它将使您的东西更加安全,值得您去做。 It will take care of authentication, roles and password hashing all for you.
它将为您处理身份验证,角色和密码哈希。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.