在Spring Security 中保护字符串查询的问题

vktxenjb  于 2021-07-13  发布在  Java
关注(0)|答案(0)|浏览(220)

我对springsecurity非常陌生,我想看看是否有一种方法来保护这些查询字符串,这样当您执行诸如“login”之类的操作时,它们就不会出现在开发人员控制台中,但仍然可以在我的springboot服务(如userservice)中访问?
有没有一种我不知道的加密方法?我有点搞不懂做这件事的最佳方法。
(我的项目使用的是vue前端,而不是内置的springboot登录等)
我的网站安全配置-

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    public static final String AUTHORITY_QUERY = "SELECT email, password, firstName, lastName, phoneNumber FROM***.user";
    public static final String USERS_QUERY = "INSERT INTO***.user (firstName, lastName, phoneNumber,email,password,emailIsVerified,agreedToTermsOfService,dateTimeCreated,psapAffiliationHasBeenVerified,hasSeenWalkthrough,isAdmin,is_enabled) values(:firstName, :lastName, :phoneNumber,:email,:password,0,0,now(),0,0,0,1)";
    public static final String CONFIRMATION_QUERY = "INSERT INTO***.user (phoneNumber,email,password,emailIsVerified,agreedToTermsOfService,companyName,is_enabled) values(:phoneNumber,:email,:password,1,1,:companyName,1)";

    @Autowired
    private DataSource dataSource;

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(20);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .usersByUsernameQuery(USERS_QUERY)
                .authoritiesByUsernameQuery(AUTHORITY_QUERY)
                .dataSource(dataSource);
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .csrf().disable()
                .anonymous().disable()
                .authorizeRequests()
                .antMatchers("/api").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
    }
}

用户服务示例-

public void confirmNewUserAccount(User user) {
    if(user.getEmailVerificationCode() != null) {
        namedParameterJdbcTemplate.update(WebSecurityConfig.CONFIRMATION_QUERY, new BeanPropertySqlParameterSource(user));
        System.out.println("Account verified");
    } else {
        new ResponseEntity<Error>(HttpStatus.CONFLICT);
    }
}

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题