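15.1 Principle and steps
- Registration: at registration, the user's password is hashed and stored in the database.
- Login: at login, the submitted password is hashed with the same algorithm and then compared with the value in the database; if they match, the login succeeds.
15.2 Implementation (SHA256 is used here; other digest algorithms such as MD5/SHA1/MAC are similar)
Note: the program here is a modification of the project from an earlier article of mine on integrating maven+spring+springmvc+mybatis+velocity. I won't go over the framework setup or the database table structure again; see this blog post: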
http://www.cnblogs.com/java-zhao/p/5096811.html
Only the Java classes are listed here. The overall code structure is as follows:
UserController
```java
package com.xxx.web;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import com.xxx.model.User;
import com.xxx.service.UserService;

@Controller
@RequestMapping("user")
public class UserController {

    @Autowired
    private UserService userService;

    @ResponseBody
    @RequestMapping("register")
    public boolean register(@RequestParam("username") String username,
                            @RequestParam("password") String password) {

        return userService.register(username, password);
    }

    @RequestMapping("login")
    public ModelAndView login(@RequestParam("username") String username,
                              @RequestParam("password") String password) {
        User user = userService.login(username, password);

        ModelAndView modelAndView = new ModelAndView();
        if (user == null) {
            modelAndView.addObject("message", "用戶不存在或者密碼錯誤!請重新輸入");
            modelAndView.setViewName("error");
        } else {
            modelAndView.addObject("user", user);
            modelAndView.setViewName("userinfo");
        }

        return modelAndView;
    }
}
```
UserService (this is where the password hashing takes place)
```java
package com.xxx.service;

import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.util.encoder.ShaEncoder;
import com.xxx.dao.UserDAO;
import com.xxx.model.User;

@Service
public class UserService {

    @Autowired
    private UserDAO userDao;

    public boolean register(String username, String password) {
        User user = new User();
        user.setUsername(username);
        try {
            user.setPassword(ShaEncoder.encodeSHAHex(password)); // store the SHA-256 hex digest of the password
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return false; // never insert a user whose password digest could not be computed
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return false;
        }
        return userDao.register(user);
    }

    public User login(String username, String password) {
        User user = null;
        try {
            // hash the submitted password the same way and look up the matching row
            user = userDao.login(username, ShaEncoder.encodeSHAHex(password));
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        return user; // null means unknown user, wrong password, or a hashing failure
    }
}
```
UserDAO
```java
package com.xxx.dao;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;

import com.xxx.mapper.UserMapper;
import com.xxx.model.User;

@Repository
public class UserDAO {

    @Autowired
    private UserMapper userMapper;

    public boolean register(User user) {
        return userMapper.insertUser(user) == 1;
    }

    public User login(String username, String password) {
        return userMapper.selectByUsernameAndPwd(username, password);
    }
}
```
UserMapper
```java
package com.xxx.mapper;

import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Result;
import org.apache.ibatis.annotations.Results;
import org.apache.ibatis.annotations.Select;

import com.xxx.model.User;

public interface UserMapper {

    @Insert("INSERT INTO userinfo(username, password) VALUES(#{username},#{password})")
    public int insertUser(User user);

    @Select("SELECT * FROM userinfo WHERE username = #{username} AND password = #{password}")
    @Results(value = { @Result(id = true, column = "id", property = "id"),
                       @Result(column = "username", property = "username"),
                       @Result(column = "password", property = "password")})
    public User selectByUsernameAndPwd(@Param("username") String username, @Param("password") String password);
}
```
ShaEncoder (a SHA256 utility class built on Commons Codec, i.e. CC)
```java
package com.util.encoder;

import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.digest.DigestUtils;

public class ShaEncoder {
    private static final String ENCODING = "UTF-8";

    // Returns the SHA-256 digest of the UTF-8 bytes of data as a lowercase hex string.
    public static String encodeSHAHex(String data) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        return DigestUtils.sha256Hex(data.getBytes(ENCODING));
    }
}
```
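The code is simple and easy to follow; read through the logic yourself and then test it.
Of course, on top of the code above we can also add a little salt to the password (that is, concatenate a string with the password) and then hash the salted string. The code is as follows: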
```java
package com.xxx.service;

import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.util.encoder.ShaEncoder;
import com.xxx.dao.UserDAO;
import com.xxx.model.User;

@Service
public class UserService {

    private static final String SALT = "nana"; // the salt

    @Autowired
    private UserDAO userDao;

    public boolean register(String username, String password) {
        User user = new User();
        user.setUsername(username);
        try {
            user.setPassword(ShaEncoder.encodeSHAHex(SALT + password)); // SHA-256 over salt + password
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return false; // never insert a user whose password digest could not be computed
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return false;
        }
        return userDao.register(user);
    }

    public User login(String username, String password) {
        User user = null;
        try {
            // SHA-256 over salt + password, then look up the matching row
            user = userDao.login(username, ShaEncoder.encodeSHAHex(SALT + password));
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        return user;
    }
}
```
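Of course, the salt here is a fixed string (in practice this approach is the most common); we could also use each logging-in user's own name as the salt (so that every person's salt is different).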