我在Java Web Project中添加了双因素身份验证。在登录页面中,用户必须输入用户名,密码和安全代码(安全代码将在登录页面中开始生成)。如果这三个匹配,则可以访问主页面。
@RequestMapping(value = "")
public String login() throws InterruptedException, GeneralSecurityException {
getSecureCode();
return "login"; // return to login.jsp
}
public void getSecureCode() throws InterruptedException, GeneralSecurityException {
String base32Secret = TimeBasedOneTimePasswordUtil.generateBase32Secret(16);
String keyId = "abc123";
logger.info("Image url = " + TimeBasedOneTimePasswordUtil.qrImageUrl(keyId, base32Secret));
code = TimeBasedOneTimePasswordUtil.generateCurrentNumberString(base32Secret);
while (true) {
long diff = TimeBasedOneTimePasswordUtil.DEFAULT_TIME_STEP_SECONDS
- ((System.currentTimeMillis() / 1000) % TimeBasedOneTimePasswordUtil.DEFAULT_TIME_STEP_SECONDS);
code = TimeBasedOneTimePasswordUtil.generateCurrentNumberString(base32Secret);
logger.info("Secret code = " + code + ", change in " + diff + " seconds");
Thread.sleep(1000);
}
}
// after button in login.jsp clicked
@RequestMapping(value = "check", method = RequestMethod.POST)
我添加了getSecureCode方法,因此用户可以在登录页面中获取安全代码。不幸的是,网页没有加载。如果我删除它只有它。
P / S:对于双因素身份验证,我参考https://github.com/j256/two-factor-auth
答案 0 :(得分:0)
while循环永远不会退出,因此应该处理请求并返回响应的线程将无限期地卡住。