2015-10-13 55 views
0

Spring Rest API user authentication once

I am building a REST API. I have to authenticate the user once: after logging in to the API they will not make any other request. I am using Spring Security for MVC authentication.

} else if (!customerWithEmail.getPassword().equals(passwordEncoder.encode(password))) {
    map.put("ERROR CODE", "04 - Wrong Password");
    // Doesn't work for sure.
    // TODO email password auth.
    return map;
}

I have a problem with the user and password check. In other modules I use BCrypt with UserDetails.

Our customers have static IP addresses; they cannot log in from anywhere else, and the IP address is stored in the database. But an email/password check would be good for the future.

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/api")
public class ApiController {

    @Autowired
    private CustomerDao customerDao;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public @ResponseBody Map<String, String> customerLogin(@RequestParam(value = "email") String email,
            @RequestParam(value = "password") String password,
            HttpServletRequest request) {

        Map<String, String> map = new HashMap<>();
        try {
            String customerIpAddress = request.getRemoteAddr();
            Customer customerWithEmail = customerDao.getUserByEmail(email);
            Customer customerWithIpAddress = customerDao.getUserByIpAddress(customerIpAddress);

            if (customerWithEmail == null) {
                map.put("ERROR CODE", "01 - User Not Found");
                return map;
            } else if (customerWithIpAddress == null) {
                map.put("ERROR CODE", "02 - IP Address Not Found");
                return map;
            } else if (!customerWithEmail.equals(customerWithIpAddress)) {
                map.put("ERROR CODE", "03 - User and IP Address Does Not Match");
                return map;
            } else if (!customerWithEmail.getPassword().equals(passwordEncoder.encode(password))) {
                map.put("ERROR CODE", "04 - Wrong Password");
                // Doesn't work for sure.
                // TODO email password auth.
                return map;
            } else {
                map.put("Email", customerWithEmail.getEmail());
                map.put("Name", customerWithEmail.getName());
                map.put("Surname", customerWithEmail.getSurname());
                map.put("Company", customerWithEmail.getCompanyName());
                return map;
            }
        } catch (Exception e) {
            map.put("ERROR CODE", "05 - See Details");
            map.put("Error", e.toString());
            return map;
        }
    }
}

Is my business logic correct? I'm not sure.

+0

Why can't you check whether the username and password match? – libik

+0

I use the password parameter, but this is what does not work properly: `customerWithEmail.getPassword().equals(passwordEncoder.encode(password))`. – fatiherdem

Answers

1

Because BCrypt uses a random salt, you cannot use encode and then equals. Instead:

if (!passwordEncoder.matches(password, customerWithEmail.getPassword())) 
+0

It works. Thanks! – fatiherdem
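The following is an added example written for this page, not code from the question, the answer, or Spring Security itself. It shows why the `encode` + `equals` comparison from the question can never succeed (each call to `encode` draws a fresh salt, so two hashes of the same password differ) and why `matches` from the answer works (it reads the salt out of the stored hash and re-hashes the candidate with it). It assumes `spring-security-crypto` is on the classpath; the `Customer` class, the stored hash and the sample email/IP values are constructed here for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/*
 * Added example: broken vs. correct BCrypt verification with Spring's
 * PasswordEncoder, plus the question's login decision rewritten so that
 * every failure path returns the same generic result.
 */
public class BcryptCheckDemo {

    // Minimal stand-in for the question's Customer entity (constructed, hypothetical).
    static final class Customer {
        final String email;
        final String ipAddress;
        final String passwordHash; // the BCrypt hash as stored in the database, never the plaintext

        Customer(String email, String ipAddress, String passwordHash) {
            this.email = email;
            this.ipAddress = ipAddress;
            this.passwordHash = passwordHash;
        }
    }

    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    /** The check from the question: compares the stored hash with a freshly salted hash, so it is always false. */
    static boolean brokenCheck(String storedHash, String candidate) {
        return storedHash.equals(ENCODER.encode(candidate));
    }

    /** The check from the answer: matches() extracts the salt from storedHash and re-hashes the candidate with it. */
    static boolean correctCheck(String storedHash, String candidate) {
        return ENCODER.matches(candidate, storedHash);
    }

    /**
     * The question's login decision with two changes: the two lookups are
     * compared on a key field instead of Customer.equals(), and every failure
     * collapses into a single false so the caller cannot tell which check
     * failed. The password is only compared once the email/IP binding holds.
     */
    static boolean authenticate(Customer byEmail, Customer byIp, String candidate) {
        if (byEmail == null || byIp == null) {
            return false;
        }
        if (!byEmail.email.equals(byIp.email)) {
            return false;
        }
        return ENCODER.matches(candidate, byEmail.passwordHash);
    }

    public static void main(String[] args) {
        // Hash the same password twice: the salt differs, so the hashes differ.
        String hash1 = ENCODER.encode("correct horse");
        String hash2 = ENCODER.encode("correct horse");
        System.out.println("hash1: " + hash1);
        System.out.println("hash2: " + hash2);
        System.out.println("hashes of the same password are equal? " + hash1.equals(hash2));

        System.out.println("brokenCheck(hash1, right password)  = " + brokenCheck(hash1, "correct horse"));
        System.out.println("correctCheck(hash1, right password) = " + correctCheck(hash1, "correct horse"));
        System.out.println("correctCheck(hash2, right password) = " + correctCheck(hash2, "correct horse"));
        System.out.println("correctCheck(hash1, wrong password) = " + correctCheck(hash1, "not it"));

        // Constructed sample customer: both DAO lookups in the question would return this row.
        Customer alice = new Customer("alice@example.com", "203.0.113.10", hash1);
        System.out.println("authenticate(email hit, ip hit, right password) = " + authenticate(alice, alice, "correct horse"));
        System.out.println("authenticate(email hit, no ip row, right password) = " + authenticate(alice, null, "correct horse"));
        System.out.println("authenticate(email hit, ip hit, wrong password) = " + authenticate(alice, alice, "not it"));
    }
}
```

Run it with `spring-security-crypto` on the classpath; the printed hashes start with the `$2a$` prefix, cost factor and salt that `matches` reads back. Two design notes for the controller in the question: the separate "User Not Found", "IP Address Not Found" and "Wrong Password" codes tell the caller which lookup failed, which is why `authenticate` above returns one generic result; and `/login` is mapped to `GET` with the password as a query parameter, so the password will appear in server, proxy and browser history logs, which a `POST` with the credentials in the request body avoids.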