AngularJS and Spring backend - Obtaining password from database as user.password in AngularJS
Question
so I am calling Login function when the user logs in. This function calls UserService.GetByEmail, which does a GET HTTP request that fetches User from database and returns the User as a response if there's a User with email typed in login. After that, I do the authentication with if (user !== null && user.password === password) { part. However, when I look at console output, I do have an Object for user variable, but I have nothing for user.password to compare with password. How do I put the User password from response into user.password?
(function () {
'use strict';
angular
.module('app')
.factory('AuthenticationService', AuthenticationService);
AuthenticationService.$inject = ['$http', '$cookieStore', '$rootScope', '$timeout', 'UserService'];
function AuthenticationService($http, $cookieStore, $rootScope, $timeout, UserService) {
var service = {};
service.Login = Login;
service.SetCredentials = SetCredentials;
service.ClearCredentials = ClearCredentials;
return service;
function Login(email, password, callback) {
$http.post('/user/authenticate', { username: username, password: password })
.success(function (response) {
callback(response);
});
}
Then here is part of my UserController in the backend.
@RequestMapping(value = "/user/authenticate", method = RequestMethod.POST)
public ResponseEntity<Void> authenticateUser(@RequestBody User user, UriComponentsBuilder ucBuilder) {
}
I'm not sure how I should authenticate in the backend. What are the steps needed to do this?
2 answers
solution1
0 2016-04-09 21:25:27
There's a few things:
- This cannot be all the code involved: it's not clear what the UserService object or AuthenticationService factory function are.
- Moreover one expects that you would not have a password to compare with anyway (that be a bit of a security hole).
Instead, authentication should be considered successful if the HTTP status code is 200 (or other 2xx codes depending on the backend). Ordinarily, this means that if you enter the then() clause of the promise the login must have been successful, because 4xx codes would have been mapped to failures and reported through catch() instead.
solution2
0 ACCPTED 2016-04-09 22:15:37
You shouldn't be sending password in any form to the client. If you're using Spring Security, you need to call the login handler on the server.
You should look into using something like JWT instead (read more here https://www.toptal.com/java/rest-security-with-jwt-spring-security-and-java ) or if you really need to be using form based security for some reason you can login to the server by using this block of code.
this.login = function (username, password, rememberMe) {
if (rememberMe === undefined) rememberMe = false;
return $http.post(
'/j_spring_security_check',
$.param({
j_username: username,
j_password: password,
j_remember: rememberMe
}),
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest'
}
}
).then(_.bind(function (response) {
if (response.data.success === true) {
//something to happen on login
}
return $q.reject(response);
}, this));
};
this.logout = function () {
$http.get('/j_spring_security_logout').then(_.bind(function () {
//something to happen on logout
}, this));
};
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.