Android和REST服务调用-代码审查
[英]Android and REST service call - code review
问题描述
I have asked a similar question but the answer did not help me. 
我曾问过类似的问题,但答案并没有帮助我。 I am trying to call a rest service from my android app. 我正在尝试从我的Android应用程序调用休息服务。 The rest service looks like this: 其余服务如下所示:
@RestController
@RequestMapping("/login")
public class LoginController {
@ResponseBody
@RequestMapping(value = "/user", method = RequestMethod.GET)
public boolean getUser(@RequestParam(value = "name", required = true) String userName, @RequestParam(value = "password", required = true) String password) {
if (userName.equals("MMM") && password.equals("mmm")) {
return true;
} else {
return false;
}
}
}
I start my REST service and I try to call it from my android app like this: 我启动我的REST服务,然后尝试从我的android应用中调用它,如下所示:
public void invokeWS(RequestParams params){
AsyncHttpClient client = new AsyncHttpClient();
client.setConnectTimeout(7000);
client.get("https://ipaddress:8080/login/user/",params ,new AsyncHttpResponseHandler() {
@Override
public void onSuccess(int statusCode, Header[] headers, byte[] responseBody) {
// Hide Progress Dialog
prgDialog.hide();
try {
JSONObject obj = new JSONObject(responseBody.toString());
if(obj.getBoolean("status")){
Toast.makeText(getApplicationContext(), "You are successfully logged in!", Toast.LENGTH_LONG).show();
// Navigate to Home screen
navigatetoHomeActivity();
}
// Else display error message
else{
errorMsg.setText(obj.getString("error_msg"));
Toast.makeText(getApplicationContext(), obj.getString("error_msg"), Toast.LENGTH_LONG).show();
}
} catch (JSONException e) {
// TODO Auto-generated catch block
Toast.makeText(getApplicationContext(), "Error Occured [Server's JSON response might be invalid]!", Toast.LENGTH_LONG).show();
e.printStackTrace();
}
}
@Override
public void onFailure(int statusCode, Header[] headers, byte[] responseBody, Throwable error) {
prgDialog.hide();
if(statusCode == 404){
Toast.makeText(getApplicationContext(), "Requested resource not found", Toast.LENGTH_LONG).show();
}
else if(statusCode == 500){
Toast.makeText(getApplicationContext(), "Something went wrong at server end", Toast.LENGTH_LONG).show();
}
// When Http response code other than 404, 500
else{
Toast.makeText(getApplicationContext(), statusCode + "Unexpected Error occcured! [Most common Error: Device might not be connected to Internet or remote server is not up and running]", Toast.LENGTH_LONG).show();
// Toast.makeText(getApplicationContext(), "Unexpected Error occcured! [Most common Error: Device might not be connected to Internet or remote server is not up and running]", Toast.LENGTH_LONG).show();
}
}
});
}
The status code that I receive is 0. When I use an API to test the REST service it is OK. 我收到的状态代码为0。当我使用API测试REST服务时,就可以了。 I do not get any errors. 我没有任何错误。 I am on the same network and the firewall is turned off. 我在同一网络上,并且防火墙已关闭。
2 个解决方案
解决方案1
0 2018-12-29 22:11:11
To understand what is going wrong you need to investigate in your "error" object in onFailure method 要了解出了什么问题,您需要在onFailure方法中调查“错误”对象
@Override
public void onFailure(int statusCode, Header[] headers, byte[] responseBody, Throwable error) {
Log.i("ws", "---->>onFailure : " + error);
}
});
SUGGESTIONS: 几点建议:
1) Do not send password in GET! 1)不要在GET中发送密码!
The password must not be part of the url, please use POST and send the password in the request body 密码不能是网址的一部分,请使用POST并在请求正文中发送密码
2) Your android code looks good, but it exist a native framework to call REST services called "VOLLEY" Volley offers the following benefits: 2)您的android代码看起来不错,但是它存在一个本机框架来调用称为“ VOLLEY”的REST服务。Volley具有以下优点:
- Automatic scheduling of network requests. 自动安排网络请求。
- Multiple concurrent network connections. 多个并发网络连接。
- Transparent disk and memory response caching with standard HTTP cache coherence. 具有标准HTTP缓存一致性的透明磁盘和内存响应缓存。
- Support for request prioritization. 支持请求优先级。
- Cancellation request API. 取消请求API。 You can cancel a single request, or you can set blocks or scopes of requests to cancel. 您可以取消单个请求,也可以将请求的阻止或范围设置为取消。
- Ease of customization, for example, for retry and backoff. 易于定制,例如重试和退避。
- Strong ordering that makes it easy to correctly populate your UI with data fetched asynchronously from the network. 强大的排序功能使您可以轻松地使用从网络异步获取的数据正确填充UI。
- Debugging and tracing tools. 调试和跟踪工具。
the code is not more complex than yours... 代码并不比您的复杂...
EXAMPLE: 例:
String url = "http://my-json-feed";
JsonObjectRequest jsonObjectRequest = new JsonObjectRequest
(Request.Method.GET, url, null, new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
mTextView.setText("Response: " + response.toString());
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
// TODO: Handle error
}
});
https://developer.android.com/training/volley/ https://developer.android.com/training/volley/
解决方案2
0 2018-12-29 22:52:56
I can see you are doing a couple of "bad practices" here. 我可以看到您在这里做了一些“坏习惯”。
Problem 1 问题1
I can see your Spring Controller is wanting a Username and Password as URL parameters. 我可以看到您的Spring Controller想要使用用户名和密码作为URL参数。 This is a no. 这不是 A server may log URL/endpoint requests which will now contain your credentials in plain text. 服务器可能会记录URL /端点请求,该请求现在将以纯文本形式包含您的凭据。
Fix option 修复选项
- Very common -> Use an Authorization header (most common: See Basic Auth) over HTTPS. 非常常见->通过HTTPS使用授权标头(最常见:请参见基本身份验证)。
- Less common -> Pass the username and password in a POST body. 不太常见->在POST正文中传递用户名和密码。
Problem 2 问题2
Not using the framework as intended 没有按预期使用框架
I'd suggest using Spring Security. 我建议使用Spring Security。 It will make your stuff a lot more secure and worth doing in the long run. 从长远来看,它将使您的东西更加安全,值得您去做。 It will take care of authentication, roles and password hashing all for you. 它将为您处理身份验证,角色和密码哈希。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.