• Chapter 15 Encryption Algorithm Example 1: Registration and Login (Message Digest Algorithms)


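    15.1 Principle and steps

    • Registration: at registration, hash the user's password and store the result in the database
    • Login: at login, hash the submitted password with the same algorithm and compare the result with the value stored in the database; if they match, the user is logged in

    15.2 Implementation (SHA256 is used here; other digest algorithms such as MD5/SHA1/MAC work similarly)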

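    Note: the program here is a modification of the one from an article I wrote earlier on integrating maven+spring+springmvc+mybatis+velocity. I won't repeat the framework setup, the database table structure and so on; refer to this blog post:

    http://www.cnblogs.com/java-zhao/p/5096811.html

    Only the Java classes are listed here. The overall code structure is as follows: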

    UserController

    package com.xxx.web;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.ResponseBody;
    import org.springframework.web.servlet.ModelAndView;

    import com.xxx.model.User;
    import com.xxx.service.UserService;

    @Controller
    @RequestMapping("user")
    public class UserController {

        @Autowired
        private UserService userService;

        // Register a user; returns true if the row was inserted.
        @ResponseBody
        @RequestMapping("register")
        public boolean register(@RequestParam("username") String username,
                                @RequestParam("password") String password){

            return userService.register(username, password);
        }

        // Log a user in. With no method restriction this mapping also accepts GET,
        // which would put the password in the URL.
        @RequestMapping("login")
        public ModelAndView login(@RequestParam("username") String username,
                                  @RequestParam("password") String password){
            User user = userService.login(username, password);

            ModelAndView modelAndView = new ModelAndView();
            if(user == null){
                // Message: "User does not exist or the password is wrong! Please try again"
                modelAndView.addObject("message", "用户不存在或者密码错误!请重新输入");
                modelAndView.setViewName("error");
            }else{
                modelAndView.addObject("user", user);
                modelAndView.setViewName("userinfo");
            }

            return modelAndView;
        }
    }

    UserService (this is where the hashing takes place)

    package com.xxx.service;

    import java.io.UnsupportedEncodingException;
    import java.security.NoSuchAlgorithmException;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Service;

    import com.util.encoder.ShaEncoder;
    import com.xxx.dao.UserDAO;
    import com.xxx.model.User;

    @Service
    public class UserService {

        @Autowired
        private UserDAO userDao;

        public boolean register(String username, String password){
            User user = new User();
            user.setUsername(username);
            try {
                user.setPassword(ShaEncoder.encodeSHAHex(password)); // hash the password with SHA256
            } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
                e.printStackTrace();
                return false; // never store a user whose password could not be hashed
            }
            return userDao.register(user);
        }

        public User login(String username, String password) {
            User user = null;
            try {
                // hash the submitted password with SHA256 and look up the matching row
                user = userDao.login(username, ShaEncoder.encodeSHAHex(password));
            } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
                e.printStackTrace();
            }
            return user; // null means unknown user or wrong password
        }
    }

    UserDAO

    package com.xxx.dao;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Repository;

    import com.xxx.mapper.UserMapper;
    import com.xxx.model.User;

    @Repository
    public class UserDAO {

        @Autowired
        private UserMapper userMapper;

        // Returns true when exactly one row was inserted.
        public boolean register(User user){
            return userMapper.insertUser(user) == 1;
        }

        // The password argument is the stored digest, not the plaintext password.
        public User login(String username, String password){
            return userMapper.selectByUsernameAndPwd(username, password);
        }
    }

    UserMapper

    package com.xxx.mapper;

    import org.apache.ibatis.annotations.Insert;
    import org.apache.ibatis.annotations.Param;
    import org.apache.ibatis.annotations.Result;
    import org.apache.ibatis.annotations.Results;
    import org.apache.ibatis.annotations.Select;

    import com.xxx.model.User;

    public interface UserMapper {

        // #{...} placeholders are bound as prepared-statement parameters.
        @Insert("INSERT INTO userinfo(username, password) VALUES(#{username},#{password})")
        public int insertUser(User user);

        // Matches on username and on the stored password digest.
        @Select("SELECT * FROM userinfo WHERE username = #{username} AND password = #{password}")
        @Results(value = { @Result(id = true, column = "id", property = "id"),
                           @Result(column = "username", property = "username"),
                           @Result(column = "password", property = "password")})
        public User selectByUsernameAndPwd(@Param("username")String username ,@Param("password")String password);
    }

    ShaEncoder (a SHA256 utility class built on Commons Codec, CC for short)

    package com.util.encoder;

    import java.io.UnsupportedEncodingException;
    import java.security.NoSuchAlgorithmException;
    import org.apache.commons.codec.digest.DigestUtils;

    public class ShaEncoder {
        private static final String ENCODING = "UTF-8";

        // Returns the SHA256 digest of data (encoded as UTF-8) as a hex string.
        public static String encodeSHAHex(String data) throws NoSuchAlgorithmException,UnsupportedEncodingException {
            return DigestUtils.sha256Hex(data.getBytes(ENCODING));
        }
    }

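    The code is simple and easy to follow; read through the logic and then test it.

    Of course, building on the code above, we can also add a little salt to the password (that is, concatenate a string with the password) and then hash the salted string. The code is as follows: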

    package com.xxx.service;

    import java.io.UnsupportedEncodingException;
    import java.security.NoSuchAlgorithmException;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Service;

    import com.util.encoder.ShaEncoder;
    import com.xxx.dao.UserDAO;
    import com.xxx.model.User;

    @Service
    public class UserService {

        private static final String SALT = "nana"; // fixed salt shared by all users

        @Autowired
        private UserDAO userDao;

        public boolean register(String username, String password){
            User user = new User();
            user.setUsername(username);
            try {
                user.setPassword(ShaEncoder.encodeSHAHex(SALT+password)); // hash the salted password with SHA256
            } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
                e.printStackTrace();
                return false; // never store a user whose password could not be hashed
            }
            return userDao.register(user);
        }

        public User login(String username, String password) {
            User user = null;
            try {
                // hash the salted password with SHA256 and look up the matching row
                user = userDao.login(username, ShaEncoder.encodeSHAHex(SALT+password));
            } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
                e.printStackTrace();
            }
            return user; // null means unknown user or wrong password
        }
    }

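    Of course, the salt here is a fixed string (in practice this approach is the most common); we could also use each logging-in user's own name as the salt (so that every user's salt is different).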

  • Original article: https://www.cnblogs.com/java-zhao/p/5096941.html