[英]Spring-Boot Login without Spring Security
我目前有一個具有有效登錄和注冊頁面的應用程序。 一切進展順利,所有測試用例都在工作,直到我遇到密碼需要唯一密碼的場景。 如果用戶使用與現有密碼相同的密碼登錄,則會引發錯誤。 有人可以引導我朝着正確的方向找出這個錯誤嗎? 我認為它會在控制器中,但我不是 100% 確定。 我也在使用內置的 h2 內存數據庫。
編輯:我也剛剛測試了另一個用例,我沒有檢查輸入的關聯電子郵件是否具有正確的密碼,我只是檢查輸入的數據是否在數據庫中。
這是主控制器
@Controller
@SessionAttributes("name")
public class MainController {
@Autowired
private AccountRepository accountRepo;
public MainController(AccountRepository accountRepo) {
this.accountRepo = accountRepo;
}
@RequestMapping(value="/registration", method = RequestMethod.POST)
public String registerAccount(@ModelAttribute("accountForm") AccountEntity accountForm, BindingResult bindingResult, Model model){
if (bindingResult.hasErrors()) {
return "error";
}
//Grabs information from view and saves them to attribute to save to database
model.addAttribute("userName", accountForm.getUserName());
model.addAttribute("email", accountForm.getEmail());
model.addAttribute("firstName", accountForm.getFirstName());
model.addAttribute("lastName", accountForm.getLastName());
model.addAttribute("password", accountForm.getPassword());
model.addAttribute("age", accountForm.getAge());
//model.addAttribute("gender", accountForm.getGender());
//Email Verification
String randomVerificationCode = RandomString.make(64);
accountForm.setVerificationCode(randomVerificationCode);
AccountEntity emailChecker = accountRepo.findByEmail(accountForm.getEmail());
AccountEntity usernameChecker = accountRepo.findByUserName(accountForm.getUserName());
//checks if an email and username are unique;
//if email or username already exists in database, throws error
if(emailChecker != null || usernameChecker != null){
System.out.println("the email or username already exists");
return "redirect:registration";
}
else{
accountRepo.save(accountForm);
return "redirect:login";
}
}
@RequestMapping(value="/login", method = RequestMethod.GET)
public String showLoginPage(ModelMap model){
model.addAttribute("login", new AccountEntity());
return "login";
}
@RequestMapping(value="/login", method = RequestMethod.POST)
public String submitLoginIn(@ModelAttribute("login") AccountEntity account){
AccountEntity accountFormEmail = accountRepo.findByEmail(account.getEmail());
AccountEntity accountFormPassword = accountRepo.findByPassword(account.getPassword());
// Can't login if passwords are the same as an existing account --> need to fix
if(accountFormEmail == null || accountFormPassword == null)
{
System.out.print("Account does not exist");
return "redirect:login";
}
else {
System.out.print("account exist");
return "redirect:welcome"; //Change later
}
}
}
這是 AccountEntity
package com.CSCI4050.TermProject.CovidWebsite.entities;
import javax.management.relation.Role;
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import java.util.Set;
@Entity (name = "user")
public class AccountEntity {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
private String firstName;
private String lastName;
private String userName;
private String email;
private String password;
//private String gender;
private Integer age;
private String verificationCode;
//Getters and Setters
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return id;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getFirstName() {
return firstName;
}
public String getLastName() {
return lastName;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
/*
public String getGender() {
return gender;
}
public void setGender(String gender) {
this.gender = gender;
}
*/
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
public String getVerificationCode() {
return verificationCode;
}
public void setVerificationCode(String verificationCode) {
this.verificationCode = verificationCode;
}
}
這是 login.jsp
<%@ page import="java.net.URLDecoder" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<html>
<head>
<!-- Required MetaFiles -->
<meta name="content-type" content="text-html" charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="keywords" content="keyword1, keyword2, keyword3">
<meta name="description" content="this is my page">
<!-- Webjars for Bootstrap and Jquery -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
<style><%@include file="/WEB-INF/css/login.css"%></style>
<title>Login</title>
</head>
<body>
<%--@elvariable id="login" type=""--%>
<form:form modelAttribute="login" >
<div class="form-group container" id="positionOfLogin" style="text-align: center">
<div>
<form:input type="email"
class="form-control MyInput"
id="email"
style="display: inline; width: 300px;"
placeholder="email@example.com"
path="email"/>
</div>
<div>
<form:input type="password"
name="password"
class="form-control MyInput"
id="password"
placeholder="password"
path="password"/>
</div>
<div>
<form:button type="submit" style="text-align: center" class="form-control MyButton">Login</form:button>
</div>
<div>
<a href="/registration"
type="submit" class="form-control MyButton" >Sign Up</a>
</div>
</div>
</form:form>
</body>
</html>```
如果您的密碼以普通方式保存,則當前邏輯是可以的。 但是安全級別太低了。 我建議你用 MD5 編碼密碼然后保存到數據庫。 用 MD5 編碼的相同字符串具有相同的結果。 所以你可以避免在數據庫中保存普通密碼。
MD5編碼器目前不安全,因為網上有更多的解碼器方式。 你應該好好保護數據庫。 建議用戶定期更改密碼是一個很好的方法。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.