【发布时间】:2015-10-14 22:27:47
【问题描述】:
我正在制作 Rest API。我必须进行一次用户身份验证。登录 api 后,他们不会发出任何其他请求。我正在使用 Spring Security 进行 MVC 身份验证。
else if(!customerWithEmail.getPassword().equals(passwordEncoder.encode(password))){
map.put("ERROR CODE", "04 - Wrong Password");
//Doesnt work for sure.
//TODO email password auth.
return map;
}
我的用户名和密码验证有问题。我在其他模块中使用 BCrypt 和 UserDetails。
我们的客户有静态 IP 地址,他们无法登录,只能在数据库中记录 IP 地址。但电子邮件密码检查将有利于未来。
@RestController
@RequestMapping(value = "/api")
public class ApiController {
@Autowired
private CustomerDao customerDao;
@Autowired
private PasswordEncoder passwordEncoder;
@RequestMapping(value = "/login", method = RequestMethod.GET)
public @ResponseBody Map customerLogin(@RequestParam(value = "email") String email, @RequestParam(value = "password") String password,
HttpServletRequest request) {
Map map = new HashMap();
try {
String customerIpAddress = request.getRemoteAddr();
Customer customerWithEmail = customerDao.getUserByEmail(email);
Customer customerWithIpAddress = customerDao.getUserByIpAddress(customerIpAddress);
if (customerWithEmail == null) {
map.put("ERROR CODE", "01 - User Not Found");
return map;
} else if (customerWithIpAddress == null) {
map.put("ERROR CODE", "02 - IP Address Not Found");
return map;
} else if (!customerWithEmail.equals(customerWithIpAddress)) {
map.put("ERROR CODE", "03 - User and IP Address Does Not Match");
return map;
}else if(!customerWithEmail.getPassword().equals(passwordEncoder.encode(password))){
map.put("ERROR CODE", "04 - Wrong Password");
//Doesnt work for sure.
//TODO email password auth.
return map;
}
else {
map.put("Email", customerWithEmail.getEmail());
map.put("Name", customerWithEmail.getName());
map.put("Surname", customerWithEmail.getSurname());
map.put("Company", customerWithEmail.getCompanyName());
return map;
}
} catch (Exception e) {
map.put("ERROR CODE", "05 - See Details");
map.put("Error", e.toString());
return map;
}
}
}
我的业务逻辑是真的吗?我的事情不是。
【问题讨论】:
-
为什么不能检查用户名和密码是否匹配?
-
我使用密码参数,但这是
customerWithEmail.getPassword().equals(passwordEncoder.encode(password))不能正常工作。
标签: spring rest spring-security