Java 关于Spring安全的问题
我实际上是Spring框架的初学者。今天我遇到了很多问题,我想问你们几个问题来解决 我想用Android客户端制作简单的用户登录/授权应用程序 首先,我想发布我的代码: 型号:Java 关于Spring安全的问题,java,android,json,spring,spring-mvc,Java,Android,Json,Spring,Spring Mvc,我实际上是Spring框架的初学者。今天我遇到了很多问题,我想问你们几个问题来解决 我想用Android客户端制作简单的用户登录/授权应用程序 首先,我想发布我的代码: 型号: @Entity @Table(name = "Users") public class User { public User() { } @Id @GeneratedValue(generator = "increment") @GenericGenerator(name = "
@Entity
@Table(name = "Users")
public class User {
public User() {
}
@Id
@GeneratedValue(generator = "increment")
@GenericGenerator(name = "increment", strategy = "increment")
@Column(name = "Id", unique = true, nullable = false)
private long id;
@Column(name = "userName", nullable = false)
private String userName;
@Column(name = "userPassword", nullable = false)
private String userPassword;
@Transient
private String confirmPassword;
public long getId() {
return id;
}
public String getUsername() {
return userName;
}
public String getPassword() {
return userPassword;
}
public String getConfirmPassword() {
return confirmPassword;
}
public void setId(long id) {
this.id = id;
}
public void setName(String userName) {
this.userName = userName;
}
public void setPassword(String userPassword) {
this.userPassword = userPassword;
}
public void setConfirmPassword(String confirmPassword) {
this.confirmPassword = confirmPassword;
}
}
服务:
用户详细信息:
@Service("userDetailsServiceImpl")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByUserName(userName);
Set<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>();
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), grantedAuthorities);
}
}
用户验证程序:
@Component
public class UserValidator implements Validator {
@Autowired
private UserService userService;
@Override
public boolean supports(Class aClass) {
return User.class.equals(aClass);
}
@Override
public void validate(Object o, Errors errors) {
User user = (User) o;
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "username", "Required");
if (user.getUsername().length() < 8 || user.getUsername().length() > 32) {
errors.rejectValue("username", "Size.userForm.username");
}
if (userService.findByUserName(user.getUsername()) != null) {
errors.rejectValue("username", "Duplicate.userForm.username");
}
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password", "Required");
if (user.getPassword().length() < 8 || user.getPassword().length() > 32) {
errors.rejectValue("password", "Size.userForm.password");
}
if (!user.getConfirmPassword().equals(user.getPassword())) {
errors.rejectValue("confirmPassword", "Different.userForm.password");
}
}
}
SecurityConfig:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
@ComponentScan("com.webserverconfig.user")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsServiceImpl")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
和lsat one->控制器:
@RestController
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
@Autowired
private SecurityService securityService;
@Autowired
private UserValidator userValidator;
@RequestMapping(value = "/registration", method = RequestMethod.POST)
@ResponseBody
@ResponseStatus(value = HttpStatus.CREATED)
public User registration(@RequestBody User user, BindingResult bindingResult, Model model) {
userValidator.validate(user, bindingResult);
if (bindingResult.hasErrors()) {
//What should i return here to my Android client ?
}
userService.save(user);
securityService.autoLogin(user.getUsername(), user.getConfirmPassword());
return user;
}
}
为了节省空间,我错过了一些课程
我请求您帮助我回答我的问题,请:
1) 当我尝试使用邮递员发送JSON时:
{
"id": 1,
"userName": "Andrew",
"userPassword": "apoyark123",
"confirmPassword": "apoyark123"
}
我将获得下一个erorr:
DefaultHandlerExceptionResolver - Failed to read HTTP message: org.springframework.http.converter.HttpMessageNotReadableException: Could not read document: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"]); nested exception is com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"])
我遗漏了一些注释吗
Mehdi在第一条评论中解决了这个问题强>
请帮我回答第二个问题。
2) 我还没有测试安全验证部分,因为这段代码不起作用,但我有一个问题->我的客户如何理解登录/授权出错/正常
如果我们查看控制器的方法注册(…)
->如果第一个“If”为false,我应该向客户端返回什么
如果验证不正确怎么办?我应该向客户端返回什么以及如何返回?在您的用户模型中,您将setter声明为setName,其中setUsername应与password相同谢谢,现在它工作正常。关于第二个问题:您可以抛出另一个状态(而不是HttpStatus.CREATED)在您的用户模型中,您将setter声明为setName,其中setUsername应与password相同谢谢,现在它可以正常工作。关于第二个问题:您可以抛出另一个状态(而不是HttpStatus.CREATED),然后在客户端处理它。
{
"id": 1,
"userName": "Andrew",
"userPassword": "apoyark123",
"confirmPassword": "apoyark123"
}
DefaultHandlerExceptionResolver - Failed to read HTTP message: org.springframework.http.converter.HttpMessageNotReadableException: Could not read document: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"]); nested exception is com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"])