Java: breaking down the error message by input field
I have 3 input fields: username, password and type. If any one of these 3 is incorrect, I only get a single error message saying "usern & pass is not correct". How can I break down the error message so that it shows whether the password, the username or the type was entered incorrectly? These are the two files I use: LoginModel and LoginController. By the way, the code below has no errors; it works fine. I just want to extend it to break down the error message.

LoginController file:
    import com.jfoenix.controls.JFXPasswordField;
    import com.jfoenix.controls.JFXTextField;
    import java.io.IOException;
    import java.net.URL;
    import java.sql.SQLException;
    import java.util.ResourceBundle;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javafx.collections.FXCollections;
    import javafx.collections.ObservableList;
    import javafx.event.ActionEvent;
    import javafx.fxml.FXML;
    import javafx.fxml.FXMLLoader;
    import javafx.fxml.Initializable;
    import javafx.scene.Node;
    import javafx.scene.Scene;
    import javafx.scene.control.ComboBox;
    import javafx.scene.control.Label;
    import javafx.scene.layout.Pane;
    import javafx.stage.Stage;

    public class LoginController implements Initializable {

        public LoginModel loginModel = new LoginModel();

        @FXML private Label isConnected;
        @FXML private JFXTextField txtUsername;
        @FXML private JFXPasswordField txtPassword;
        @FXML private ComboBox<String> comboType;

        ObservableList<String> list = FXCollections.observableArrayList("admin", "manager", "clerk");

        /**
         * Initializes the controller class.
         */
        @Override
        public void initialize(URL url, ResourceBundle rb) {
            comboType.setItems(list);
            if (loginModel.isDbConnected()) {
                isConnected.setText("Connected");
            } else {
                isConnected.setText("Not Connected");
            }
        }

        public void Login(ActionEvent event) {
            try {
                if (loginModel.isLogin(comboType.getValue(), txtUsername.getText(), txtPassword.getText())) {
                    isConnected.setText("usern & pass is correct");
                    // closes login fxml file
                    ((Node) event.getSource()).getScene().getWindow().hide();
                    // loads main interface fxml file
                    Stage primaryStage = new Stage();
                    FXMLLoader loader = new FXMLLoader();
                    Pane root = loader.load(getClass().getResource("/gui/uicomponents/Main.fxml").openStream());
                    MainController mainController = (MainController) loader.getController();
                    mainController.getUser("Hi " + txtUsername.getText());
                    Scene scene = new Scene(root);
                    scene.getStylesheets().add(getClass().getResource("/resources/css/Consolidated.css").toExternalForm());
                    primaryStage.setMaximized(true);
                    primaryStage.setTitle("Main Interface");
                    primaryStage.setScene(scene);
                    primaryStage.show();
                } else {
                    isConnected.setText("usern & pass is not correct");
                }
            } catch (SQLException ex) {
                isConnected.setText("usern & pass is not correct");
                Logger.getLogger(LoginController.class.getName()).log(Level.SEVERE, null, ex);
            } catch (IOException ex) {
                Logger.getLogger(LoginController.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
    }
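Simply put: your method isLogin() needs to do a clearer analysis of the incoming data. For example, you could first check whether the username is known. But you see: from a security perspective, you probably do not want to give such details to the user. Assume an attacker is guessing usernames. When you give him different messages for "user unknown" and "password invalid", then you help him attack you. You can put this information into a log file, but you need not give all the details to the user. Speaking of security: it seems that you intend to store passwords in plain text in the database. That is an absolute no-go.

But then, given the fact that the client talks directly to the database, security does not seem to be your primary concern.

From a security perspective, it is not good practice to reveal which part of the details is incorrect, i.e., it makes your application more vulnerable to hacker attacks, because you give more hints about whether the userid is incorrect, the password is incorrect, or the type is incorrect.

However, if you really want to display very specific error messages because of your own project requirements, you can do so by checking whether the type and the username exist, and then defining and throwing custom exceptions such as TypeNotFoundException or UserNameNotFoundException, as shown below: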
Login() method:

    public void Login(ActionEvent event) {
        try {
            if (loginModel.isLogin(comboType.getValue(),
                    txtUsername.getText(), txtPassword.getText())) {
                // add your code
            } else {
                isConnected.setText(" pass is not correct");
            }
        } catch (TypeNotFoundException ex) {
            isConnected.setText("Type is not correct");
            // add your logger
        } catch (UserNameNotFoundException ex) {
            isConnected.setText("Username is not correct");
            // add your logger
        } catch (SQLException ex) {
            isConnected.setText("technical problem,please try after some time");
            // add your logger
        } catch (IOException ex) {
            // add your logger
        }
    }

isLogin():

    public boolean isLogin(String type, String user, String pass) throws SQLException {
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        // A Java string literal cannot span lines, so the query is concatenated
        String query = "select * from users where type = ? "
                + "and username = ? and password = ?";
        try {
            // other code
            // if returns result from db
            if (resultSet.next()) {
                return true;
            } else {
                // String typeQuery = "select * from users where type = ?";
                // Execute the typeQuery and throw TypeNotFoundException
                // String userNameQuery = "select * from users where username = ?";
                // Execute the userNameQuery and throw UserNameNotFoundException
                return false;
            }
        } // other code as is
    }
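First of all, thanks for your time and your answer. That is also a good point regarding security. How should I store passwords and usernames in the database? Should I encrypt them with third-party software?

You should do some research. The "normal" approach is to use a password hashing function and apply it to the "salted" password. Then you store the result in the database. Later on, you simply repeat that process, and when the result matches the db entry, the password is correct. But as said: this is basic stuff that you can read up on yourself ...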
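The two security points raised in the answers and comments above, one generic failure message with the specific reason kept in the log, and a salted password hash stored instead of plain text, shown together as an added example that is not code from the original posts. The class name, the in-memory user map standing in for the database, the PBKDF2 parameters and the sample accounts are assumptions made for illustration; `record` needs Java 16 or later.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UniformLogin {
    record Account(String type, byte[] salt, byte[] hash) {}    // hypothetical row of the users table
    static final Logger LOG = Logger.getLogger(UniformLogin.class.getName());
    static final String GENERIC_ERROR = "Login failed";         // the only failure text the UI shows
    static final Map<String, Account> USERS = new HashMap<>();  // constructed stand-in for the database
    static final byte[] DUMMY_SALT = newSalt();                 // used when the username is unknown

    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256); // illustrative iteration count
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static void register(String type, String user, String pass) throws GeneralSecurityException {
        byte[] salt = newSalt();                                 // fresh random salt per account
        USERS.put(user, new Account(type, salt, hash(pass.toCharArray(), salt)));
    }

    /** Returns null on success, otherwise GENERIC_ERROR; the specific reason goes to the log only. */
    static String login(String type, String user, String pass) throws GeneralSecurityException {
        Account acct = USERS.get(user);
        // Always run the hash, so an unknown username costs the same time as a wrong password.
        byte[] candidate = hash(pass.toCharArray(), acct == null ? DUMMY_SALT : acct.salt());
        String reason = acct == null ? "unknown username"
                : !acct.type().equals(type) ? "type mismatch"
                : !MessageDigest.isEqual(candidate, acct.hash()) ? "wrong password" : null;
        if (reason == null) return null;
        // Strip line breaks so a crafted username cannot forge extra log entries.
        LOG.warning("login failed for '" + String.valueOf(user).replaceAll("[\\r\\n]", "_") + "': " + reason);
        return GENERIC_ERROR;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        register("admin", "alice", "correct horse");             // constructed sample account
        String[][] tries = {{"admin", "alice", "correct horse"}, {"admin", "alice", "wrong"},
                            {"clerk", "alice", "correct horse"}, {"admin", "mallory", "guess"}};
        for (String[] t : tries) System.out.println(t[0] + "/" + t[1] + " -> " + login(t[0], t[1], t[2]));
    }
}
```

In the JavaFX controller, the returned string would be what `isConnected.setText(...)` displays, while the per-field reason stays in the application log for the operator.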