Spring Rest API User Authentication for One Time

I am building a Rest API. I have to authenticate users only once: after logging in to the API they do not make any further requests. I am using Spring Security for the MVC authentication.
    } else if (!customerWithEmail.getPassword().equals(passwordEncoder.encode(password))) {
        map.put("ERROR CODE", "04 - Wrong Password");
        // Doesn't work for sure.
        // TODO email password auth.
        return map;
    }
我的用戶名和密碼驗證有問題。 我在其他模塊中將BCrypt與UserDetails一起使用。
我們的客戶擁有靜態IP地址,除了在DB中記錄IP地址外,他們無法登錄任何地方。 但是電子郵件密碼檢查對將來很有用。
    import java.util.HashMap;
    import java.util.Map;

    import javax.servlet.http.HttpServletRequest;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.ResponseBody;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    @RequestMapping(value = "/api")
    public class ApiController {

        @Autowired
        private CustomerDao customerDao;

        @Autowired
        private PasswordEncoder passwordEncoder;

        @RequestMapping(value = "/login", method = RequestMethod.GET)
        public @ResponseBody Map customerLogin(@RequestParam(value = "email") String email,
                                               @RequestParam(value = "password") String password,
                                               HttpServletRequest request) {
            Map map = new HashMap();
            try {
                String customerIpAddress = request.getRemoteAddr();
                Customer customerWithEmail = customerDao.getUserByEmail(email);
                Customer customerWithIpAddress = customerDao.getUserByIpAddress(customerIpAddress);

                if (customerWithEmail == null) {
                    map.put("ERROR CODE", "01 - User Not Found");
                    return map;
                } else if (customerWithIpAddress == null) {
                    map.put("ERROR CODE", "02 - IP Address Not Found");
                    return map;
                } else if (!customerWithEmail.equals(customerWithIpAddress)) {
                    map.put("ERROR CODE", "03 - User and IP Address Does Not Match");
                    return map;
                } else if (!customerWithEmail.getPassword().equals(passwordEncoder.encode(password))) {
                    map.put("ERROR CODE", "04 - Wrong Password");
                    // Doesn't work for sure.
                    // TODO email password auth.
                    return map;
                } else {
                    map.put("Email", customerWithEmail.getEmail());
                    map.put("Name", customerWithEmail.getName());
                    map.put("Surname", customerWithEmail.getSurname());
                    map.put("Company", customerWithEmail.getCompanyName());
                    return map;
                }
            } catch (Exception e) {
                map.put("ERROR CODE", "05 - See Details");
                map.put("Error", e.toString());
                return map;
            }
        }
    }
Is my business logic right? I am not sure.
Because BCrypt uses a random salt, you cannot use encode and equals. Instead:

    if (!passwordEncoder.matches(password, customerWithEmail.getPassword()))
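To make the answer concrete, the following stand-alone demo is an added example, not code from the question or the answer. It assumes only spring-security-crypto on the classpath (for BCryptPasswordEncoder) and uses a constructed sample password. It shows why re-encoding the submitted password and comparing strings cannot work, and that PasswordEncoder.matches() extracts the salt and cost factor from the stored hash, re-hashes the candidate with them and compares, which is the check the controller's "04 - Wrong Password" branch should use.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptCheckDemo {

    // The corrected check for the controller: compare the submitted password against
    // the hash stored for the customer with matches(), never with encode() + equals().
    static boolean passwordMatches(PasswordEncoder encoder, String storedHash, String submitted) {
        return encoder.matches(submitted, storedHash);
    }

    // The check as written in the question. Every encode() call draws a fresh random
    // salt and embeds it in the output, so two hashes of the same password differ and
    // a string comparison rejects even the correct password.
    static boolean brokenCheck(PasswordEncoder encoder, String storedHash, String submitted) {
        return storedHash.equals(encoder.encode(submitted));
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        // Constructed sample: what registration would store in the Customer row.
        String password = "correct horse battery staple";
        String storedHash = encoder.encode(password);

        // Two independent encodes of the same input: different salt, different hash.
        System.out.println("stored hash : " + storedHash);
        System.out.println("second hash : " + encoder.encode(password));

        System.out.println("encode()+equals() with correct password: "
                + brokenCheck(encoder, storedHash, password));
        System.out.println("matches() with correct password       : "
                + passwordMatches(encoder, storedHash, password));
        System.out.println("matches() with wrong password         : "
                + passwordMatches(encoder, storedHash, "not the password"));
    }
}
```

Because matches() re-runs BCrypt with the stored salt and cost, it also keeps working after the cost factor is raised for new hashes, since each stored hash carries its own parameters.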