第十五章 加密算法實例1--註冊登錄(消息摘要算法)
阿新 • • 發佈:2017-07-13
其他 open targe 代碼 type .get stack static app
15.1、原理步驟
- 註冊:註冊時,將用戶密碼加密放入數據庫
- 登錄:登錄時,將用戶密碼采用上述相同的算法加密,之後再與數據庫中的信息進行比對,若相同,則登錄
15.2、實現(這裏采用了SHA256算法,其他摘要算法MD5/SHA1/MAC類似)
註意:這裏的程序是在我之前寫的一個maven+spring+springmvc+mybatis+velocity整合的文章上進行的修改,具體的框架搭建以及數據庫表結構等就不再啰嗦了,自己參考下邊這篇博客:
http://www.cnblogs.com/java-zhao/p/5096811.html
這裏只列出Java類。整個代碼結構如下:
UserController
package com.xxx.web; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody;View Codeimport org.springframework.web.servlet.ModelAndView; import com.xxx.model.User; import com.xxx.service.UserService; @Controller @RequestMapping("user") public class UserController { @Autowired private UserService userService; @ResponseBody @RequestMapping("register")public boolean register(@RequestParam("username") String username, @RequestParam("password") String password){ return userService.register(username, password); } @RequestMapping("login") public ModelAndView login(@RequestParam("username") String username, @RequestParam("password") String password){ User user = userService.login(username, password); ModelAndView modelAndView = new ModelAndView(); if(user == null){ modelAndView.addObject("message", "用戶不存在或者密碼錯誤!請重新輸入"); modelAndView.setViewName("error"); }else{ modelAndView.addObject("user", user); modelAndView.setViewName("userinfo"); } return modelAndView; } }
UserService(這裏是加解密的主戰場)
package com.xxx.service; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.util.encoder.ShaEncoder; import com.xxx.dao.UserDAO; import com.xxx.model.User; @Service public class UserService { @Autowired private UserDAO userDao; public boolean register(String username, String password){ User user = new User(); user.setUsername(username); try { user.setPassword(ShaEncoder.encodeSHAHex(password));//對密碼進行sha256加密 } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return userDao.register(user); } public User login(String username, String password) { User user = null; try { user = userDao.login(username, ShaEncoder.encodeSHAHex(password));//對密碼進行sha256加密 } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return user; } }View Code
UserDAO
package com.xxx.dao; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Repository; import com.xxx.mapper.UserMapper; import com.xxx.model.User; @Repository public class UserDAO { @Autowired private UserMapper userMapper; public boolean register(User user){ return userMapper.insertUser(user)==1?true:false; } public User login(String username ,String password){ return userMapper.selectByUsernameAndPwd(username, password); } }View Code
UserMapper
package com.xxx.mapper; import org.apache.ibatis.annotations.Insert; import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Result; import org.apache.ibatis.annotations.Results; import org.apache.ibatis.annotations.Select; import com.xxx.model.User; public interface UserMapper { @Insert("INSERT INTO userinfo(username, password) VALUES(#{username},#{password})") public int insertUser(User user); @Select("SELECT * FROM userinfo WHERE username = #{username} AND password = #{password}") @Results(value = { @Result(id = true, column = "id", property = "id"), @Result(column = "username", property = "username"), @Result(column = "password", property = "password")}) public User selectByUsernameAndPwd(@Param("username")String username ,@Param("password")String password); }View Code
ShaEncoder(這裏基於Commons Codec,即CC實現的Sha256工具類)
package com.util.encoder; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; import org.apache.commons.codec.digest.DigestUtils; public class ShaEncoder { private static final String ENCODING = "UTF-8"; public static String encodeSHAHex(String data) throws NoSuchAlgorithmException,UnsupportedEncodingException { return new String(DigestUtils.sha256Hex(data.getBytes(ENCODING))); } }View Code
代碼簡單易懂,自己去看邏輯,然後進行測試即可。
當然我們還可以在上述代碼的基礎上,為密碼加一點鹽(即用一個字符串與密碼相連),然後對加鹽後的字符串進行加密。代碼如下:
package com.xxx.service; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.util.encoder.ShaEncoder; import com.xxx.dao.UserDAO; import com.xxx.model.User; @Service public class UserService { private static final String SALT = "nana";//鹽 @Autowired private UserDAO userDao; public boolean register(String username, String password){ User user = new User(); user.setUsername(username); try { user.setPassword(ShaEncoder.encodeSHAHex(SALT+password));//對加鹽的密碼進行sha256加密 } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return userDao.register(user); } public User login(String username, String password) { User user = null; try { user = userDao.login(username, ShaEncoder.encodeSHAHex(SALT+password));//對加鹽的密碼進行sha256加密 } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return user; } }View Code
當然,這裏的鹽是一個固定的字符串(在實際使用中,這樣的做法最為常見),我們也可以對每個登錄的用戶使用他自己的姓名作為鹽(這樣每個人的鹽就不一樣了)。
第十五章 加密算法實例1--註冊登錄(消息摘要算法)