Pass parameters on GET

Question

Pass parameters on GET

Asked 5 years, 1 month ago

Viewed 110 times

0

I’m trying to do a GET to validate a user using Cpf and password,using DAO, but I’m not sure when to pass the parameter.

Follow the get code

   private Usuario usuarioLogado;

    @GET
    @Path("/{cpf}/{senha}")
    public String Autenticar(@PathParam("cpf") String cpf,@PathParam("senha") String senha  ) {

    UsuarioDAO usuarioDAO = new UsuarioDAO();
    usuarioLogado = usuarioDAO.autenticar(cpf, senha);

        Gson gson = new Gson();
        String json = gson.toJson(usuarioLogado);

        return json; }

Follows the DAO

public Usuario autenticar(String cpf, String senha) {
        Session sessao = hibernateUtil.getFabricaDeSessoes().openSession();

        try{
            Criteria consulta = sessao.createCriteria(Usuario.class);
            consulta.createAlias("pessoa", "p");

            consulta.add(Restrictions.eq("p.cpf", cpf));

            SimpleHash hash = new SimpleHash("md5", senha);
            consulta.add(Restrictions.eq("senha", hash.toHex()));

            Usuario resultado = (Usuario) consulta.uniqueResult();

            return resultado;
        } catch (RuntimeException erro) {
            throw erro;
        } finally {
            sessao.close();
        }
    }

And what is your doubt?

– nullptr

2019/05/17 at 14:26
Anyway it is a bad practice you pass the open password through your GET URL.

– nullptr

2019/05/17 at 14:34
So, this I imagined, and I wanted to know how I can do this authentication without passing the password URL.

– thiago eza

2019/05/17 at 16:13
My question is whether there would be another way to do this authentication consultation.

– thiago eza

2019/05/17 at 16:15

1 answer

Browser other questions tagged json oop restful get gson

You are not signed in. Login or sign up in order to post.

by wensiso • **626** points · Answer 1 · 2019-05-17T19:46:33+00:00

Since you need to send user and password, instead of using a GET you should use POST, pq Ué already prevents the user and password from appearing in the URL.

Even so, you need to use https to submit this user and password form, otherwise someone can intercept the network communication and get the post content, along with the user and password.