验证密码和确认密码 Spring 引导
Validating Password and Confirmed Password Spring Boot
我目前正在使用 Swagger 测试我的 spring 引导应用程序的 API,当我输入不匹配的密码,甚至输入大小超出范围的密码时(最小值=5 和最大值=15) 的大小,我没有收到预期的 404 错误代码。其他实体变量的其他错误已被正确捕获,但密码似乎没有。 plainPassword 和 repeatPassword 在我下面的实体中匹配可能有什么错误?因为 @PasswordMatch 注释似乎没有完成我期望的比较 plainPassword 和 repeatPassword 的工作。
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
import javax.persistence.UniqueConstraint;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import com.bcore.hw.validation.PasswordMatch;
import lombok.NoArgsConstructor;
import lombok.Data;
@Entity
@Table(name="users", uniqueConstraints={@UniqueConstraint(columnNames = {"email"})})
@PasswordMatch(message="{register.repeatPassword.mismatch}")
@NoArgsConstructor
@Data
public class SiteUser {
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
private Long userId;
@Column(name="email", unique=true)
@Email(message="{register.email.invalid}")
@NotBlank(message="{register.email.invalid}")
private String email;
@Transient // meaning it will not be saved in DB
@Size(min=5, max=15, message="{register.password.size}")
private String plainPassword; //unencrytped
@Transient
private String repeatPassword;
@Column(name="password", length=60)
private String password;
@Column(name="role", length=20)
private String role;
@Column(name="enabled")
private Boolean enabled = false;
public void setPlainPassword(String plainPassword) {
//System.out.println("PASSWORD BEFORE " + plainPassword);
this.password = new BCryptPasswordEncoder().encode(plainPassword);
//System.out.println("HERE IS PASSWORD" + this.password + "PASSWORD LENGTH = " + (this.password).length());
this.plainPassword = plainPassword;
}
}
已使用自定义验证器更新:
现在我有 PasswordMatch.java 和 PasswordMatchValidator.java,但是对于如何在实体中设置 @PrePersist 和 @PreUpdate 注释有点困惑:
package com.bcore.hw.validation;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import javax.validation.Constraint;
import javax.validation.Payload;
@Target(TYPE)
@Retention(RUNTIME)
@Constraint(validatedBy=PasswordMatchValidator.class)
@Documented
public @interface PasswordMatch {
String message() default "{error.password.mismatch}";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
package com.bcore.hw.validation;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import com.bcore.hw.model.SiteUser;
public class PasswordMatchValidator implements ConstraintValidator<PasswordMatch, SiteUser>{
@Override
public void initialize(PasswordMatch p) {
}
public boolean isValid(SiteUser user, ConstraintValidatorContext c) {
String plainPassword = user.getPlainPassword();
String repeatPassword = user.getRepeatPassword();
if(plainPassword == null || !plainPassword.equals(repeatPassword)) {
return false;
}
return true;
}
}
目前在实体中,您可以在 class 定义之前看到 @PasswordMatch,但这不起作用。所以,@PrePersist 和@PreUpdate 仅用于实体方法定义,但我应该在它们下面放置什么方法?从 PasswordMatch 接口调用 isValid() 方法?不确定此时在实体中做什么。
似乎是 this bug in open status 因为 @Transient 字段
我目前正在使用 Swagger 测试我的 spring 引导应用程序的 API,当我输入不匹配的密码,甚至输入大小超出范围的密码时(最小值=5 和最大值=15) 的大小,我没有收到预期的 404 错误代码。其他实体变量的其他错误已被正确捕获,但密码似乎没有。 plainPassword 和 repeatPassword 在我下面的实体中匹配可能有什么错误?因为 @PasswordMatch 注释似乎没有完成我期望的比较 plainPassword 和 repeatPassword 的工作。
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
import javax.persistence.UniqueConstraint;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import com.bcore.hw.validation.PasswordMatch;
import lombok.NoArgsConstructor;
import lombok.Data;
@Entity
@Table(name="users", uniqueConstraints={@UniqueConstraint(columnNames = {"email"})})
@PasswordMatch(message="{register.repeatPassword.mismatch}")
@NoArgsConstructor
@Data
public class SiteUser {
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
private Long userId;
@Column(name="email", unique=true)
@Email(message="{register.email.invalid}")
@NotBlank(message="{register.email.invalid}")
private String email;
@Transient // meaning it will not be saved in DB
@Size(min=5, max=15, message="{register.password.size}")
private String plainPassword; //unencrytped
@Transient
private String repeatPassword;
@Column(name="password", length=60)
private String password;
@Column(name="role", length=20)
private String role;
@Column(name="enabled")
private Boolean enabled = false;
public void setPlainPassword(String plainPassword) {
//System.out.println("PASSWORD BEFORE " + plainPassword);
this.password = new BCryptPasswordEncoder().encode(plainPassword);
//System.out.println("HERE IS PASSWORD" + this.password + "PASSWORD LENGTH = " + (this.password).length());
this.plainPassword = plainPassword;
}
}
已使用自定义验证器更新:
现在我有 PasswordMatch.java 和 PasswordMatchValidator.java,但是对于如何在实体中设置 @PrePersist 和 @PreUpdate 注释有点困惑:
package com.bcore.hw.validation;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import javax.validation.Constraint;
import javax.validation.Payload;
@Target(TYPE)
@Retention(RUNTIME)
@Constraint(validatedBy=PasswordMatchValidator.class)
@Documented
public @interface PasswordMatch {
String message() default "{error.password.mismatch}";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
package com.bcore.hw.validation;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import com.bcore.hw.model.SiteUser;
public class PasswordMatchValidator implements ConstraintValidator<PasswordMatch, SiteUser>{
@Override
public void initialize(PasswordMatch p) {
}
public boolean isValid(SiteUser user, ConstraintValidatorContext c) {
String plainPassword = user.getPlainPassword();
String repeatPassword = user.getRepeatPassword();
if(plainPassword == null || !plainPassword.equals(repeatPassword)) {
return false;
}
return true;
}
}
目前在实体中,您可以在 class 定义之前看到 @PasswordMatch,但这不起作用。所以,@PrePersist 和@PreUpdate 仅用于实体方法定义,但我应该在它们下面放置什么方法?从 PasswordMatch 接口调用 isValid() 方法?不确定此时在实体中做什么。
似乎是 this bug in open status 因为 @Transient 字段