如果我编写以下代码:
static constraints = {
password blank: false, password: true , validator:{ val, obj ->
if (obj.password != obj.confirmarPassword)
return 'usuario.password.dontmatch'
}
confirmarPassword bindable: true
}
}
static transients = ['confirmarPassword']
password
在and中引入相同的密码后出现如下错误confirmarPassword
:
usuario.Usuario 条目中的空 id(发生异常后不刷新会话)
我找到了问题的根源。这是下一个比较:
obj.password != obj.confirmarPassword
如果我在验证器中编写以下代码:
println "password: ${obj.password}"
println "confirmarPassword: ${obj.confirmarPassword)}"
Eclipse 打印:
password: testPassword
confirmarPassword: testPassword
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: testPassword
作为我的第二次尝试,我尝试了:
if (obj.password != obj.springSecurityService.encodePassword(obj.confirmarPassword))
验证未通过:
具有值 [testPassword] 的类 [class usuario.Usuario] 的属性 [password] 未通过自定义验证
与:
println "password: ${obj.password}"
println "confirmarPassword: ${obj.springSecurityService.encodePassword(obj.confirmarPassword)}"
Eclipse 打印:
password: testPassword
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
对于我的第三次尝试,我尝试了:
if (obj.springSecurityService.encodePassword(obj.password) != obj.springSecurityService.encodePassword(obj.confirmarPassword))
再次出现同样的错误:
usuario.Usuario 条目中的空 id(发生异常后不刷新会话)
密码第二次看起来加密了两次:
password: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
password: e8c3cb111bf39f848b9a20e186f1663fd5acb0ae018ddf5763ae65bd6f45151e
confirmarPassword: fd5cb51bafd60f6fdbedde6e62c473da6f247db271633e15919bab78a02ee9eb
我的想法不多了。客户端呢?使用 Javascript 执行此验证是否安全?
这是我的完整域类代码:
package usuario
class Usuario implements Serializable {
transient springSecurityService
String username
String password
boolean enabled
boolean accountExpired
boolean accountLocked
boolean passwordExpired
String confirmarPassword
String nombre
String apellidos
String email
String telefono
String documentoIdentificacion
boolean aceptarPoliticaDeProteccionDeDatos = Boolean.FALSE
static transients = ['confirmarPassword', 'aceptarPoliticaDeProteccionDeDatos']
static constraints = {
username blank: false, unique: true
password blank: false, password: true
confirmarPassword bindable: true, blank:false, password: true, validator:{ val, obj ->
println "password: ${obj.password}"
println "confirmarPassword: ${val}"
if ((obj.password != val))
return 'usuario.password.dontmatch'
}
nombre blank: false
apellidos blank: false
email blank: false, email:true
telefono blank: false, matches: "[0-9 -+()]{3,15}"
documentoIdentificacion blank: false
aceptarPoliticaDeProteccionDeDatos bindable: true, validator:{ val, obj ->
if (!obj.id && obj.aceptarPoliticaDeProteccionDeDatos != true) //> !obj.id: si el usuario ya no está creado. Si ya está creado es que lo está modificando y no es necesario que vuelva a aceptar la política.
return 'usuario.politicaprotecciondatos.notaccepted'
}
}
static mapping = {
password column: '`password`'
}
Set<Rol> getAuthorities() {
UsuarioRol.findAllByUsuario(this).collect { it.rol } as Set
}
def beforeInsert() {
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}