Springboot实现密码的加密解密

网友投稿 604 2023-03-16


Springboot实现密码的加密解密

现今对于大多数公司来说,信息安全工作尤为重要,就像京东,阿里巴巴这样的大公司来说,信息安全是最为重要的一个话题,举个简单的例子:

就像这样的密码公开化,很容易造成一定的信息的泄露。所以今天我们要讲的就是如何来实现密码的加密和解密来提高数据的安全性。

在这首先要引入springboot融合mybatis的知识,如果有这方面不懂得同学,就要首先看一看这方面的知识:

推荐大家一个比较好的博客: 程序猿DD-翟永超 http://blog.didispace.com/springbootmybatis/

为了方便大家的学习,我直接将源代码上传:

1.pom.xml

4.0.0

com.ninemax

spring-Login-test

0.0.1-SNAPSHOT

war

org.springframework.boot

spring-boot-starter-parent

1.3.2.RELEASE

UTF-8

1.8

org.springframework.boot

spring-boot-starter

org.springframework.boot

spring-boot-starter-test

test

org.mybatis.spring.boot

mybatis-spring-boot-starter

1.1.1

org.springframework.boot

spring-boot-starter-web

commons-dbcp

commons-dbcp

com.oracle

ojdbc14

10.2.0.3.0

org.springframework.boot

spring-boot-starter-thymeleaf

org.springframework.boot

spring-boot-maven-plugin

org.apache.maven.plugins

maven-surefire-plugin

true

2. AppTest.java

package com;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication

public class AppTest {

public static void main(String[] args) {

SpringApplication.run(AppTest.class, args);

}

}

3.User.java

package com.entity;

public class User {

private String username;

private String password;

public String getUsername() {

return username;

}

public void setUsername(String username) {

this.username = username;

}

public String getPassword() {

return password;

}

public void setPassword(String password) {

this.password = password;

}

@Override

public String toString() {

return "User [username=" + username + ", password=" + password + "]";

}

}

4.UserController.java

package com.controller;

import java.security.SecureRandom;

import javax.crypto.Cipher;

import javax.crypto.SecretKey;

import javax.crypto.SecretKeyFactory;

import javax.crypto.spec.DESKeySpec;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;

import com.dao.UserDao;

import com.entity.User;

@Controller

public class UserController {

@Autowired

private UserDao userDao;

@RequestMapping("/regist")

public String regist() {

return "regist";

}

@RequestMapping("/login")

public String login() {

return "login";

}

@RequestMapping("/success")

public String success(HttpServletRequest request) {

String username = request.getParameter("username");

String password = request.getParameter("password");

userDao.save(username, password);

return "success";

}

@RequestMapping("/Loginsuccess")

public String successLogin(HttpServletRequest request) {

String username = request.getParameter("username");

String password = request.getParameter("password"); ///123456

User user = userDao.findByUname(username);

if(user.getPassword().equals(password)) {

return "successLogin";

}

return "failure";

}

}

5.UserDao.java

package com.dao;

import org.apache.ibatis.annotations.Insert;

import org.apache.ibatis.annotations.Mapper;

import org.apache.ibatis.annotations.Param;

import org.apache.ibatis.annotations.Select;

import com.entity.User;

@Mapper

public interface UserDao {

@Insert("INSERT INTO LOGIN_NINE VALUES(#{username}, #{password})")

void save(@Param("username")String username,@Param("password")String password);

@Select("SELECT * FROM LOGIN_NINE WHERE username= #{username}")

User findByUname(@Param("username")String username);

}

6.application.properties

spring.datasource.url=jdbc:oracle:thin:@10.236.4.251:1521:orcl

spring.datasource.username=hello

spring.datasource.password=lisa

spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver

7.还有一些静态HTML

(1.)regist.html

用户名

密码

 

(2.)login.html

请输入用户名

请输入密码

 


注册账号

(3.)success.html

返回登录

(4.)failure.html

登录失败

(5.)successLogin.html

success

代码的格式如下:

完成了这一步的话首先运行一下AppTest看是否出错,如果有错,自己找原因,这里就不和大家讨论了,写了这么多,才要要进入正题了

本文采取的是EDS的加密解密方法,方法也很简单,不用添加额外的jar包,只需要在UserController上做出简单的修改就可以了:

*****UserController.java

package com.controller;

import java.security.SecureRandom;

import javax.crypto.Cipher;

import javax.crypto.SecretKey;

import javax.crypto.SecretKeyFactory;

import javax.crypto.spec.DESKeySpec;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;

import com.dao.UserDao;

import com.entity.User;

@Controller

public class UserController {

@Autowired

private UserDao userDao;

@RequestMapping("/regist")

public String regist() {

return "regist";

}

@RequestMapping("/login")

public String login() {

return "login";

}

/**

* EDS的加密解密代码

*/

private static final byte[] DES_KEY = { 21, 1, -110, 82, -32, -85, -128, -65 };

@SuppressWarnings("restriction")

public static String encryptBasedDes(String data) {

String encryptedData = null;

try {

// DES算法要求有一个可信任的随机数源

SecureRandom sr = new SecureRandom();

DESKeySpec deskey = new DESKeySpec(DES_KEY);

// 创建一个密匙工厂,然后用它把DESKeySpec转换成一个SecretKey对象

SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");

SecretKey key = keyFactory.generateSecret(deskey);

// 加密对象

Cipher cipher = Cipher.getInstance("DES");

cipher.init(Cipher.ENCRYPT_MODE, key, sr);

// 加密,并把字节数组编码成字符串

encryptedData = new sun.misc.BASE64Encoder().encode(cipher.doFinal(data.getBytes()));

} catch (Exception e) {

// log.error("加密错误,错误信息:", e);

throw new RuntimeException("加密错误,错误信息:", e);

}

return encryptedData;

}

@SuppressWarnings("restriction")

public static String decryptBasedDes(String cryptivTEoData) {

String decryptedData = null;

try {

// DES算法要求有一个可信任的随机数源

SecureRandom sr = new SecureRandom();

DESKeySpec deskey = new DESKeySpec(DES_KEY);

// 创建一个密匙工厂,然后用它把DESKeySpec转换成一个SecretKey对象

SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");

SecretKey key = keyFactory.generateSecret(deskey);

// 解密对象

Cipher cipher = Cipher.getInstance("DES");

cipher.init(Cipher.DECRYPT_MODE, key, sr);

// 把字符串进行解码,解码为为字节数组,并解密

decryptedData = new String(cipher.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(cryptData)));

} catch (Exception e) {

throw new RuntimeException("解密错误,错误信息:", e);

}

return decryptedData;

}

@RequestMapping("/success")

public String success(HttpServletRequest request) {

String username = request.getParameter("username");

String password = request.getParameter("password");

String s1 = encryptBasedDes(password);

userDao.save(username, s1);

return "success";

}

@RequestMapping("/Loginsuccess")

public String successLogin(HttpServletRequest request) {

String username = request.getParameter("username");

String password = request.getParameter("password"); ///123456

User user = userDao.findByUname(username);

if(decryptBasedDes(user.getPassword()).equals(password)) {

return "successLogin";

}

return "failure";

}

}

此时,直接运行Apptest.java,然后在浏览器输入地址:localhost:8080/regist 注册新的账号(我输入的是用户名:小明 密码:123456),如图

此时查看数据库信息

你就会发现密码实现了加密。

当然,下次登陆的时候直接输入相应的账号和密码即可完成登录,实现了解码的过程。


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

标签:安全 数据库 password 方法 http
上一篇:Struts2相关的面试题整理分享
下一篇:api接口文档框架(api接口的简单编写方式)
相关文章

 发表评论

暂时没有评论,来抢沙发吧~