Spring-Boot login without Spring Security

多诺布兹

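I currently have an application with working login and registration pages. Everything was going well and all the test cases worked, until a case came up where the password is required to be unique. If a user logs in with the same password as an existing password, it will throw an error. Could someone guide me in the right direction on fixing this bug? I would assume it is something in the controller, but I am not 100% sure. I am also using the built-in h2 in-memory database.

Edit: I also just tested another use case. I am not checking whether the associated email that was entered has the correct password, I am only checking whether the data entered is in the database.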

Here is the main controller

```java
@Controller
@SessionAttributes("name")
public class MainController {

    @Autowired
    private AccountRepository accountRepo;

    public MainController(AccountRepository accountRepo) {
        this.accountRepo = accountRepo;
    }

    @RequestMapping(value="/registration", method = RequestMethod.POST)
    public String registerAccount(@ModelAttribute("accountForm") AccountEntity accountForm, BindingResult bindingResult, Model model){

        if (bindingResult.hasErrors()) {
            return "error";
        }

        //Grabs information from view and saves them to attribute to save to database
        model.addAttribute("userName", accountForm.getUserName());
        model.addAttribute("email", accountForm.getEmail());
        model.addAttribute("firstName", accountForm.getFirstName());
        model.addAttribute("lastName", accountForm.getLastName());
        model.addAttribute("password", accountForm.getPassword());
        model.addAttribute("age", accountForm.getAge());
        //model.addAttribute("gender", accountForm.getGender());

        //Email Verification
        String randomVerificationCode = RandomString.make(64);
        accountForm.setVerificationCode(randomVerificationCode);

        AccountEntity emailChecker = accountRepo.findByEmail(accountForm.getEmail());
        AccountEntity usernameChecker = accountRepo.findByUserName(accountForm.getUserName());

        //checks if an email and username are unique;
        //if email or username already exists in database, throws error
        if(emailChecker != null || usernameChecker != null){
            System.out.println("the email or username already exists");
            return "redirect:registration";
        }
        else{
            accountRepo.save(accountForm);
            return "redirect:login";
        }
    }

    @RequestMapping(value="/login", method = RequestMethod.GET)
    public String showLoginPage(ModelMap model){
        model.addAttribute("login", new AccountEntity());
        return "login";
    }

    @RequestMapping(value="/login", method = RequestMethod.POST)
    public String submitLoginIn(@ModelAttribute("login") AccountEntity account){

        AccountEntity accountFormEmail = accountRepo.findByEmail(account.getEmail());
        AccountEntity accountFormPassword = accountRepo.findByPassword(account.getPassword());

        // Can't login if passwords are the same as an existing account --> need to fix
        if(accountFormEmail == null || accountFormPassword == null)
        {
            System.out.print("Account does not exist");
            return "redirect:login";
        }
        else {
            System.out.print("account exist");
            return "redirect:welcome"; //Change later
        }
    }

}
```

Here is the AccountEntity

```java
package com.CSCI4050.TermProject.CovidWebsite.entities;

import javax.management.relation.Role;
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import java.util.Set;

@Entity (name = "user")
public class AccountEntity {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

    private String firstName;
    private String lastName;
    private String userName;
    private String email;
    private String password;
    //private String gender;
    private Integer age;
    private String verificationCode;

    //Getters and Setters
    public void setId(Long id) {
        this.id = id;
    }

    public Long getId() {
        return id;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public String getFirstName() {
        return firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /*
    public String getGender() {
        return gender;
    }

    public void setGender(String gender) {
        this.gender = gender;
    }
   */

    public Integer getAge() {
        return age;
    }

    public void setAge(Integer age) {
        this.age = age;
    }

    public String getVerificationCode() {
        return verificationCode;
    }

    public void setVerificationCode(String verificationCode) {
        this.verificationCode = verificationCode;
    }

}
```

Here is login.jsp

```jsp
<%@ page import="java.net.URLDecoder" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<html>
<head>

    <!-- Required MetaFiles -->
    <meta name="content-type" content="text-html" charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="keywords" content="keyword1, keyword2, keyword3">
    <meta name="description" content="this is my page">
    <!-- Webjars for Bootstrap and Jquery -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
    <style><%@include file="/WEB-INF/css/login.css"%></style>
    <title>Login</title>

</head>

<body>
<%--@elvariable id="login" type=""--%>
<form:form modelAttribute="login" >
    <div class="form-group container" id="positionOfLogin" style="text-align: center">
        <div>
            <form:input type="email"
                        class="form-control MyInput"
                        id="email"
                        style="display: inline; width: 300px;"
                        placeholder="[email protected]"
                        path="email"/>
        </div>

        <div>
            <form:input type="password"
                        name="password"
                        class="form-control MyInput"
                        id="password"
                        placeholder="password"
                        path="password"/>
        </div>

        <div>
            <form:button type="submit" style="text-align: center" class="form-control MyButton">Login</form:button>
        </div>

        <div>
            <a href="/registration"
               type="submit" class="form-control MyButton" >Sign Up</a>
        </div>

    </div>
</form:form>

</body>

</html>
```

杰基·尼奥

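If your password is saved in plain format, the current logic is fine. But the security level is too low. I suggest you encode the password with MD5 and then save it to the database. The same string encoded with MD5 always gives the same result, so you can avoid saving the plain password in the database.

The MD5 encoder is not safe nowadays, because there are more and more online ways to decode it. You should protect the database well. It is also a good idea to advise users to change their passwords regularly.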
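
Added example (not code from the question or the answer): the login check done by looking up one account by email and verifying the submitted password against that account's stored value only, instead of two independent lookups by email and by password. It swaps in salted PBKDF2 from the JDK for the stored value, so two accounts with the same password hold different hashes; the in-memory map, class name, iteration count and sample accounts are assumptions, and the record syntax needs Java 16 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheckDemo {
    // Hypothetical stored record: per-account salt and derived hash, never the plain password.
    record Stored(byte[] salt, byte[] hash) {}

    // Stand-in for accountRepo.findByEmail(...); holds constructed sample data only.
    static final Map<String, Stored> byEmail = new HashMap<>();
    static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed work factor

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    static void register(String email, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh salt per account
        byEmail.put(email, new Stored(salt, pbkdf2(password.toCharArray(), salt)));
    }

    // One lookup by email, then verify the password against that account only.
    static boolean login(String email, String password) throws Exception {
        Stored s = byEmail.get(email);
        byte[] salt = (s != null) ? s.salt() : new byte[16]; // dummy salt keeps timing similar for unknown emails
        byte[] candidate = pbkdf2(password.toCharArray(), salt);
        return s != null && MessageDigest.isEqual(candidate, s.hash()); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        register("alice@example.com", "Sample-Pass-1"); // constructed accounts
        register("bob@example.com", "Sample-Pass-1");   // same password as alice
        register("carol@example.com", "Other-Pass-2");
        System.out.println("alice, own password:     " + login("alice@example.com", "Sample-Pass-1"));
        System.out.println("bob, shared password:    " + login("bob@example.com", "Sample-Pass-1"));
        System.out.println("alice, carol's password: " + login("alice@example.com", "Other-Pass-2"));
        System.out.println("unknown email:           " + login("nobody@example.com", "Sample-Pass-1"));
        System.out.println("alice and bob store the same hash: "
                + MessageDigest.isEqual(byEmail.get("alice@example.com").hash(), byEmail.get("bob@example.com").hash()));
    }
}
```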
