How to Add Two-Factor Authentication (2FA) Using Java and Spark

Two-factor authentication (2FA) is an increasingly popular method of protecting against fraudulent signups. It works by adding an extra layer of security that requires not only the traditional username and password but also something that the user has in their possession. That’s typically their mobile phone.

In this tutorial, you will learn how to implement 2FA for your web apps and services. We’ll do this by creating a simple web page that asks a user to register using their mobile phone number. We’ll use the Verify API to generate a confirmation code and send it to the number via SMS.

If the user has access to the number that they registered with, they will receive the code. Our application will then prompt them to enter it to complete the registration process.

Prerequisites

We’ll build this application using Java and the Spark web framework and create some simple views for the UI elements using the Handlebars templating engine.

You’ll need the following:

  • The JDK or its open-source equivalent OpenJDK. This tutorial was written using OpenJDK 11, but version 8 or above of either should be fine.

  • Gradle (version 3.4 or later) to build your project and manage its dependencies.

You can find the source code for this tutorial on GitHub.

Vonage API Account

To complete this tutorial, you will need a Vonage API account. If you don’t have one already, you can sign up today and start building with free credit. Once you have an account, you can find your API Key and API Secret at the top of the Vonage API Dashboard.

Create Your Project

Create a directory for your project called two-factor-auth, change into that directory and then use gradle to initialize the project:

Accept all the defaults, then open the generated project in your IDE.

Initialize Dependencies

Locate the build.gradle file and replace the dependencies section with the following:

We won’t write any unit tests in this example, but you can leave JUnit in there for now. However, to stop it complaining about a missing greeting method later on, comment out the test in src/test/java/two/factor/auth/AppTest.java as follows:

Create a Spark Web Application

gradle created the App class in the src/main/java/two/factor/auth/App.java file.

Open App.java in your IDE. Remove the getGreeting() method that gradle created for you and add the necessary import statements for the spark package.

Then, call Spark’s port method to indicate that your application is listening for requests on port 3000.

Your App.java should look like this:

Initialize the Java Client Library

To access the Verify API, you’re going to want to use the REST API Client Library for Java.

Instantiate it as shown below, replacing YOUR_API_KEY and YOUR_API_SECRET with your API key and secret from the developer dashboard. Make sure that you include the necessary import statements required to work with the Verify API:

Create the Views

Your application will have three pages:

  • An initial registration page, where your users will register for your service by entering their mobile number.

  • A confirmation page, where they will be asked to enter the confirmation code sent to their mobile device by the Verify API.

  • A results page, where the application will say either that they have registered successfully (if they entered the correct confirmation code) or that registration failed (if they haven’t).

Spark supports many different templating engines, which enables you to insert content into your HTML pages dynamically and also re-use blocks of HTML. In this tutorial, we’ll use Handlebars.

Because we want to focus on teaching you how to use the Verify API here, we won’t describe how these work in this post, but instead ask you to download the content that you need from our GitHub repo.

First, include the following imports in your App.java file that will enable you to work with Handlebars:

Then, create the src/main/resources/public and src/main/resources/templates directories.

Copy the contents of the styles.css file into src/main/resources/public/styles.css.

Then copy the *.hbs template files in the resources folder on GitHub into src/main/resources/templates.

Ensure that your application knows about the styles.css static CSS file by specifying the location of its parent folder (public) in the main method in App.java:

Display the Initial Registration Page

When your user first visits your site, you want to display the registration page. Do this by defining the default route (/) using spark and rendering the register.hbs template as shown:

Test your application by executing gradle run and then visiting http://localhost:3000 in your browser. If you have set up everything correctly, you will see the following page:

[Image: the registration page]

Submit the Verification Request

The user must enter their cellphone number into the text box on the registration page and then click Register to start the verification process.

The Verify API expects this number to include the international dialing code but omit any leading zeroes. For example, the UK number 07700 900001 should be represented as 447700900001.

In a production application, you might want to determine the correct locale and country code programmatically and we have an API for that! Check out the Number Insight API. For now though, let’s keep things simple.
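The number format described above, as an added example that is not part of the original tutorial: a plain-JDK helper that turns user input into the digits-only international form and rejects anything that cannot be one. It goes beyond the single UK case in the text; the class and method names, the default country code parameter and the minimum length are assumptions made for the illustration.

```java
import java.util.Optional;

public class VerifyNumberFormat {
    /**
     * Returns the digits-only international form, or empty if the input cannot be one.
     * defaultCountryCode is the dialing code without "+" (e.g. "44"), applied to national input.
     */
    static Optional<String> normalize(String input, String defaultCountryCode) {
        if (input == null || !defaultCountryCode.matches("[1-9]\\d{0,2}")) {
            return Optional.empty();
        }
        String s = input.trim().replace("(0)", ""); // "+44 (0)7700 ..." style
        boolean international = s.startsWith("+");
        if (international) s = s.substring(1);
        // Accept digits and common separators only; reject anything else instead of stripping it silently.
        if (!s.matches("[0-9 ().-]+")) return Optional.empty();
        String digits = s.replaceAll("[^0-9]", "");
        if (!international) {
            digits = defaultCountryCode + digits.replaceFirst("^0+", ""); // omit leading zeroes
        }
        // E.164 allows at most 15 digits; the lower bound of 8 is a conservative assumption.
        if (digits.length() < 8 || digits.length() > 15 || digits.startsWith("0")) {
            return Optional.empty();
        }
        return Optional.of(digits);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first is the tutorial's own example number.
        String[] samples = {"07700 900001", "+44 7700 900001", "+44 (0)7700 900001",
                            "7700-900001", "07700 90000x", "0", ""};
        for (String sample : samples) {
            System.out.printf("%-22s -> %s%n", "\"" + sample + "\"",
                    normalize(sample, "44").orElse("rejected"));
        }
    }
}
```

Validating on the server before calling the Verify API keeps malformed input from turning into billable or failed verification requests.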

When the user clicks Register we want to capture the number they entered and submit the verification request.

Each verification request is associated with a verification ID. We need to keep a record of this too so that we can use it to check that the user entered the correct confirmation code later.

So add two class-level variables to store this information, underneath the API_KEY and API_SECRET variables you populated earlier:

We’ll submit the verification request from the /register route, so define the route as follows:

This code triggers the verification request by first retrieving an instance of VerifyClient and then calling its verify method, passing in the number we want to verify and an alphanumeric string that is used to identify the sender in the SMS message body.

It returns a VerifyResponse object which we can use to examine if the request was issued successfully. If so, we retrieve the verification request ID and use it to check the code sent to the user for that specific verification attempt in the next step.

Once we have submitted the verification request, the user will receive a verification code via SMS:

[Image: the SMS containing the verification code]

We render the verify.hbs view, to allow them to enter the code that they received:

[Image: the verify.hbs page prompting for the code]

By default, after sending the SMS, the Verify API waits for a code for 125 seconds. If it doesn’t receive it within that time period, it follows up with two text-to-speech phone calls before finally giving up and failing the verification attempt. You can find out more about the default workflow and how to enable different workflows by reading the documentation.

Check the Confirmation Code

We now need to provide the necessary logic to verify the code that they entered. Create the /check route for this:

This code uses the VerifyClient.check method, passing it the request ID that we stored from the verification request step and the code that the user entered in the verify.hbs view.

The check method returns a CheckResponse object. We use its getStatus method to determine whether the user entered the correct code and display the appropriate response in the result.hbs view. If the user entered the code correctly, we receive the following message:

[Image: the result page showing the success message]
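The /register and /check routes described above, as an added example that is not the tutorial's own code: class-level variables are shared by every visitor of the running application, so this variant keeps the number and the verification request ID in the Spark session of the browser that started the verification. The com.vonage.client package and VonageClient builder, the environment variable names, the form field names, the "status" model key and the "ACME" sender name are assumptions; the page names only VerifyClient, VerifyResponse, CheckResponse and the three templates.

```java
import static spark.Spark.*;

import com.vonage.client.VonageClient;
import com.vonage.client.verify.CheckResponse;
import com.vonage.client.verify.VerifyResponse;
import com.vonage.client.verify.VerifyStatus;
import java.util.HashMap;
import java.util.Map;
import spark.ModelAndView;
import spark.template.handlebars.HandlebarsTemplateEngine;

public class SessionScopedApp {
    // "status" as the result.hbs model key is an assumption; the templates are not shown on the page.
    static ModelAndView result(String status) {
        Map<String, Object> model = new HashMap<>();
        model.put("status", status);
        return new ModelAndView(model, "result.hbs");
    }

    public static void main(String[] args) {
        // Assumed environment variable names; keeps the key and secret out of source control.
        VonageClient client = VonageClient.builder()
                .apiKey(System.getenv("VONAGE_API_KEY"))
                .apiSecret(System.getenv("VONAGE_API_SECRET"))
                .build();
        HandlebarsTemplateEngine engine = new HandlebarsTemplateEngine();
        port(3000);
        staticFiles.location("/public");

        get("/", (req, res) -> new ModelAndView(new HashMap<>(), "register.hbs"), engine);

        post("/register", (req, res) -> {
            String number = req.queryParams("number"); // form field name is an assumption
            VerifyResponse vr = client.getVerifyClient().verify(number, "ACME"); // placeholder sender name
            if (vr.getStatus() != VerifyStatus.OK) return result("Verification request failed");
            // Bind the pending verification to this visitor's session, not to the whole JVM.
            req.session(true).attribute("number", number);
            req.session().attribute("requestId", vr.getRequestId());
            return new ModelAndView(new HashMap<>(), "verify.hbs");
        }, engine);

        post("/check", (req, res) -> {
            String requestId = req.session().attribute("requestId");
            if (requestId == null) return result("No verification in progress");
            CheckResponse cr = client.getVerifyClient().check(requestId, req.queryParams("code"));
            if (cr.getStatus() != VerifyStatus.OK) return result("Verification failed");
            req.session().removeAttribute("requestId"); // the request is finished; do not reuse it
            return result("Registration successful");
        }, engine);
    }
}
```

With session-scoped state, two people registering at the same time can no longer overwrite each other's request ID, and a /check call without a pending verification is refused before it reaches the API.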

Try it Out!

  1. Execute gradle run in your terminal.

  2. Visit http://localhost:3000 in your browser.

  3. Enter your mobile phone number and click Register. In a moment or two, you will receive an SMS that contains a verification code.

  4. Enter the verification code and click Check.

  5. If you entered the code successfully, you will receive a “Registration successful” message.

Conclusion

That’s the basics of using the Verify API to implement two-factor authentication in your Java web applications. To learn more, see the links to the documentation provided below.

Further Reading

Translated from: https://levelup.gitconnected.com/how-to-add-two-factor-authentication-2fa-using-java-and-spark-6389409159b8
