[英]Spring-Boot Login without Spring Security
我目前有一个具有有效登录和注册页面的应用程序。 一切进展顺利,所有测试用例都在工作,直到我遇到密码需要唯一密码的场景。 如果用户使用与现有密码相同的密码登录,则会引发错误。 有人可以引导我朝着正确的方向找出这个错误吗? 我认为它会在控制器中,但我不是 100% 确定。 我也在使用内置的 h2 内存数据库。
编辑:我也刚刚测试了另一个用例,我没有检查输入的关联电子邮件是否具有正确的密码,我只是检查输入的数据是否在数据库中。
这是主控制器
@Controller
@SessionAttributes("name")
public class MainController {
@Autowired
private AccountRepository accountRepo;
public MainController(AccountRepository accountRepo) {
this.accountRepo = accountRepo;
}
@RequestMapping(value="/registration", method = RequestMethod.POST)
public String registerAccount(@ModelAttribute("accountForm") AccountEntity accountForm, BindingResult bindingResult, Model model){
if (bindingResult.hasErrors()) {
return "error";
}
//Grabs information from view and saves them to attribute to save to database
model.addAttribute("userName", accountForm.getUserName());
model.addAttribute("email", accountForm.getEmail());
model.addAttribute("firstName", accountForm.getFirstName());
model.addAttribute("lastName", accountForm.getLastName());
model.addAttribute("password", accountForm.getPassword());
model.addAttribute("age", accountForm.getAge());
//model.addAttribute("gender", accountForm.getGender());
//Email Verification
String randomVerificationCode = RandomString.make(64);
accountForm.setVerificationCode(randomVerificationCode);
AccountEntity emailChecker = accountRepo.findByEmail(accountForm.getEmail());
AccountEntity usernameChecker = accountRepo.findByUserName(accountForm.getUserName());
//checks if an email and username are unique;
//if email or username already exists in database, throws error
if(emailChecker != null || usernameChecker != null){
System.out.println("the email or username already exists");
return "redirect:registration";
}
else{
accountRepo.save(accountForm);
return "redirect:login";
}
}
@RequestMapping(value="/login", method = RequestMethod.GET)
public String showLoginPage(ModelMap model){
model.addAttribute("login", new AccountEntity());
return "login";
}
@RequestMapping(value="/login", method = RequestMethod.POST)
public String submitLoginIn(@ModelAttribute("login") AccountEntity account){
AccountEntity accountFormEmail = accountRepo.findByEmail(account.getEmail());
AccountEntity accountFormPassword = accountRepo.findByPassword(account.getPassword());
// Can't login if passwords are the same as an existing account --> need to fix
if(accountFormEmail == null || accountFormPassword == null)
{
System.out.print("Account does not exist");
return "redirect:login";
}
else {
System.out.print("account exist");
return "redirect:welcome"; //Change later
}
}
}
这是 AccountEntity
package com.CSCI4050.TermProject.CovidWebsite.entities;
import javax.management.relation.Role;
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import java.util.Set;
@Entity (name = "user")
public class AccountEntity {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
private String firstName;
private String lastName;
private String userName;
private String email;
private String password;
//private String gender;
private Integer age;
private String verificationCode;
//Getters and Setters
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return id;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getFirstName() {
return firstName;
}
public String getLastName() {
return lastName;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
/*
public String getGender() {
return gender;
}
public void setGender(String gender) {
this.gender = gender;
}
*/
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
public String getVerificationCode() {
return verificationCode;
}
public void setVerificationCode(String verificationCode) {
this.verificationCode = verificationCode;
}
}
这是 login.jsp
<%@ page import="java.net.URLDecoder" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<html>
<head>
<!-- Required MetaFiles -->
<meta name="content-type" content="text-html" charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="keywords" content="keyword1, keyword2, keyword3">
<meta name="description" content="this is my page">
<!-- Webjars for Bootstrap and Jquery -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
<style><%@include file="/WEB-INF/css/login.css"%></style>
<title>Login</title>
</head>
<body>
<%--@elvariable id="login" type=""--%>
<form:form modelAttribute="login" >
<div class="form-group container" id="positionOfLogin" style="text-align: center">
<div>
<form:input type="email"
class="form-control MyInput"
id="email"
style="display: inline; width: 300px;"
placeholder="email@example.com"
path="email"/>
</div>
<div>
<form:input type="password"
name="password"
class="form-control MyInput"
id="password"
placeholder="password"
path="password"/>
</div>
<div>
<form:button type="submit" style="text-align: center" class="form-control MyButton">Login</form:button>
</div>
<div>
<a href="/registration"
type="submit" class="form-control MyButton" >Sign Up</a>
</div>
</div>
</form:form>
</body>
</html>```
如果您的密码以普通方式保存,则当前逻辑是可以的。 但是安全级别太低了。 我建议你用 MD5 编码密码然后保存到数据库。 用 MD5 编码的相同字符串具有相同的结果。 所以你可以避免在数据库中保存普通密码。
MD5编码器目前不安全,因为网上有更多的解码器方式。 你应该好好保护数据库。 建议用户定期更改密码是一个很好的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.