Fatal编程技术网
  • java/
  • Java 关于Spring安全的问题

Java 关于Spring安全的问题

java android json spring spring-mvc

Java 关于Spring安全的问题,java,android,json,spring,spring-mvc,Java,Android,Json,Spring,Spring Mvc,我实际上是Spring框架的初学者。今天我遇到了很多问题,我想问你们几个问题来解决 我想用Android客户端制作简单的用户登录/授权应用程序 首先,我想发布我的代码: 型号: @Entity @Table(name = "Users") public class User { public User() { } @Id @GeneratedValue(generator = "increment") @GenericGenerator(name = "

我实际上是Spring框架的初学者。今天我遇到了很多问题,我想问你们几个问题来解决

我想用Android客户端制作简单的用户登录/授权应用程序

首先,我想发布我的代码:

型号:

@Entity
@Table(name = "Users")
public class User {
    public User() {
    }

    @Id
    @GeneratedValue(generator = "increment")
    @GenericGenerator(name = "increment", strategy = "increment")
    @Column(name = "Id", unique = true, nullable = false)
    private long id;

    @Column(name = "userName", nullable = false)
    private String userName;

    @Column(name = "userPassword", nullable = false)
    private String userPassword;

    @Transient
    private String confirmPassword;


    public long getId() {
        return id;
    }

    public String getUsername() {
        return userName;
    }

    public String getPassword() {
        return userPassword;
    }

    public String getConfirmPassword() {
        return confirmPassword;
    }

    public void setId(long id) {
        this.id = id;
    }

    public void setName(String userName) {
        this.userName = userName;
    }

    public void setPassword(String userPassword) {
        this.userPassword = userPassword;
    }

    public void setConfirmPassword(String confirmPassword) {
        this.confirmPassword = confirmPassword;
    }
}
服务:

用户详细信息:

@Service("userDetailsServiceImpl")
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;


    @Override
    @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userRepository.findByUserName(userName);

        Set<GrantedAuthority> grantedAuthorities = new HashSet<GrantedAuthority>();

        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), grantedAuthorities);
    }
}
用户验证程序:

@Component
public class UserValidator implements Validator {

    @Autowired
    private UserService userService;


    @Override
    public boolean supports(Class aClass) {
        return User.class.equals(aClass);
    }

    @Override
    public void validate(Object o, Errors errors) {
        User user = (User) o;

        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "username", "Required");

        if (user.getUsername().length() < 8 || user.getUsername().length() > 32) {
            errors.rejectValue("username", "Size.userForm.username");
        }

        if (userService.findByUserName(user.getUsername()) != null) {
            errors.rejectValue("username", "Duplicate.userForm.username");
        }

        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password", "Required");
        if (user.getPassword().length() < 8 || user.getPassword().length() > 32) {
            errors.rejectValue("password", "Size.userForm.password");
        }

        if (!user.getConfirmPassword().equals(user.getPassword())) {
            errors.rejectValue("confirmPassword", "Different.userForm.password");
        }
    }
}
SecurityConfig:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
@ComponentScan("com.webserverconfig.user")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsServiceImpl")
    UserDetailsService userDetailsService;


    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
和lsat one->控制器:

@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    @Autowired
    private SecurityService securityService;

    @Autowired
    private UserValidator userValidator;


    @RequestMapping(value = "/registration", method = RequestMethod.POST)
    @ResponseBody
    @ResponseStatus(value = HttpStatus.CREATED)
    public User registration(@RequestBody User user, BindingResult bindingResult, Model model) {
        userValidator.validate(user, bindingResult);

        if (bindingResult.hasErrors()) {
            //What should i return here to my Android client ?
        }

        userService.save(user);

        securityService.autoLogin(user.getUsername(), user.getConfirmPassword());

        return user;

    }

}
为了节省空间,我错过了一些课程

我请求您帮助我回答我的问题,请:

1) 当我尝试使用邮递员发送JSON时:

{
  "id": 1,
  "userName": "Andrew",
  "userPassword": "apoyark123",
  "confirmPassword": "apoyark123"
}
我将获得下一个erorr:

DefaultHandlerExceptionResolver - Failed to read HTTP message: org.springframework.http.converter.HttpMessageNotReadableException: Could not read document: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
 at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"]); nested exception is com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
 at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"])
我遗漏了一些注释吗

Mehdi在第一条评论中解决了这个问题

请帮我回答第二个问题。

2) 我还没有测试安全验证部分,因为这段代码不起作用,但我有一个问题->我的客户如何理解登录/授权出错/正常

如果我们查看控制器的方法
注册(…)
->如果第一个“If”为false,我应该向客户端返回什么

如果验证不正确怎么办?我应该向客户端返回什么以及如何返回?

在您的用户模型中,您将setter声明为setName,其中setUsername应与password相同谢谢,现在它工作正常。关于第二个问题:您可以抛出另一个状态(而不是HttpStatus.CREATED)在您的用户模型中,您将setter声明为setName,其中setUsername应与password相同谢谢,现在它可以正常工作。关于第二个问题:您可以抛出另一个状态(而不是HttpStatus.CREATED),然后在客户端处理它。 
{
  "id": 1,
  "userName": "Andrew",
  "userPassword": "apoyark123",
  "confirmPassword": "apoyark123"
}

DefaultHandlerExceptionResolver - Failed to read HTTP message: org.springframework.http.converter.HttpMessageNotReadableException: Could not read document: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
 at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"]); nested exception is com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "userName" (class com.webserverconfig.user.entity.User), not marked as ignorable (4 known properties: "id", "name", "password", "confirmPassword"])
 at [Source: java.io.PushbackInputStream@ddd416; line: 3, column: 16] (through reference chain: com.webserverconfig.user.entity.User["userName"])