Spring Boot Data Rest JPA - 实体自定义创建(用户)

Question

我正在努力学习Spring.我使用以下工具使用Spring Boot创建了一个项目:

• Spring Data JPA
• Spring Data REST
• 春天的HATEOAS
• 春季安全

我正在尝试创建一个User实体.我希望用户拥有加密密码(+ salt).

当我这样做POST,/api/users我成功地创建了一个新用户.

{
"firstname":"John",
"lastname":"Doe",
"email":"johndoe@example.com",
"password":"12345678"
}

但我有两个问题:

• 密码以明文形式保存
• 盐是空的

+----+---------------------+-----------+----------+----------+------+
| id |        email        | firstname | lastname | password | salt |
+----+---------------------+-----------+----------+----------+------+
|  1 | johndoe@example.com | John      | Doe      | 12345678 | NULL |
+----+---------------------+-----------+----------+----------+------+

我认为问题是使用默认构造函数而不是我创建的另一个.我是Spring和JPA的新手,所以我必须遗漏一些东西.这是我的代码.

User.java

@Entity
@Table(name = "users")
public class User{

    @Id
    @GeneratedValue
    private Long id;

    @Column(nullable = false)
    public String firstname;

    @Column(nullable = false)
    public String lastname;

    @Column(nullable = false, unique = true)
    public String email;

    @JsonIgnore
    @Column(nullable = false)
    public String password;

    @JsonIgnore
    @Column
    private String salt;

    public User() {}

    public User(String email, String firstname, String lastname, String password) {
        this.email = email;
        this.firstname = firstname;
        this.lastname = lastname;
        this.salt = UUID.randomUUID().toString();
        this.password = new BCryptPasswordEncoder().encode(password + this.salt);
    }


    @JsonIgnore
    public String getSalt() {
        return salt;
    }

    @JsonProperty
    public void setSalt(String salt) {
        this.salt = salt;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getFirstname() {
        return firstname;
    }

    public void setFirstname(String firstname) {
        this.firstname = firstname;
    }

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getLastname() {
        return lastname;
    }

    public void setLastname(String lastname) {
        this.lastname = lastname;
    }

    @JsonIgnore
    public String getPassword() {
        return password;
    }

    @JsonProperty
    public void setPassword(String password) {
        this.password = password;
    }

}

UserRepository.java

public interface UserRepository extends JpaRepository<User, Long> {

    public User findByEmail(String email);

    public User findByEmailAndPassword(String email, String password);
}

Application.java

@SpringBootApplication
public class Application {


    public static void main(String[] args) {
        SpringApplication.run(Application .class, args);
    }

}

此外,如果有人发现我做错了什么,我想指出我应该把用户登录代码放在哪里/如何(解密).

谢谢.

Answer 1

所以，这就是我解决问题的方法：我创建了一个控制器作为我的自定义端点，然后创建了一个服务，在其中放置了创建用户所需的逻辑。这是代码：

用户控制器.java

@Controller
public class UserController {

    @Autowired
    private UserService userService;

    @RequestMapping("/api/register")
    @ResponseBody
    public Long register(@RequestBody User user) {
        return userService.registerUser(user);
    }

    ...

}

用户服务.java

@Service
public class UserService {

    @Autowired
    private UserRepository userRepository;

    public Long registerUser(User user) {
        user.setPassword(new BCryptPasswordEncoder().encode(password));
        userRepository.save(user);
        return user.getId();
    }

        ...

}

所以通过做POST一个

{
"firstname":"John",
"lastname":"Doe",
"email":"johndoe@example.com",
"password":"12345678"
}

在 中/api/register，我现在可以创建一个具有哈希密码的用户。