現今對於大多數公司來說,信息安全工作尤為重要,就像京東,阿裡巴巴這樣的大公司來說,信息安全是最為重要的一個話題,舉個簡單的例子: 就像這樣的密碼公開化,很容易造成一定的信息的泄露。所以今天我們要講的就是如何來實現密碼的加密和解密來提高數據的安全性。 在這首先要引入springboot融合mybati ...
現今對於大多數公司來說,信息安全工作尤為重要,就像京東,阿裡巴巴這樣的大公司來說,信息安全是最為重要的一個話題,舉個簡單的例子:
就像這樣的密碼公開化,很容易造成一定的信息的泄露。所以今天我們要講的就是如何來實現密碼的加密和解密來提高數據的安全性。
在這首先要引入springboot融合mybatis的知識,如果有這方面不懂得同學,就要首先看一看這方面的知識:
推薦大家一個比較好的博客: 程式猿DD-翟永超 http://blog.didispace.com/springbootmybatis/
為了方便大家的學習,我直接將源代碼上傳:
1.pom.xml
1 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
2 <modelVersion>4.0.0</modelVersion>
3 <groupId>com.ninemax</groupId>
4 <artifactId>spring-Login-test</artifactId>
5 <version>0.0.1-SNAPSHOT</version>
6 <packaging>war</packaging>
7
8 <parent>
9 <groupId>org.springframework.boot</groupId>
10 <artifactId>spring-boot-starter-parent</artifactId>
11 <version>1.3.2.RELEASE</version>
12 <relativePath/>
13 </parent>
14
15 <properties>
16 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
17 <java.version>1.8</java.version>
18 </properties>
19
20 <dependencies>
21
22 <dependency>
23 <groupId>org.springframework.boot</groupId>
24 <artifactId>spring-boot-starter</artifactId>
25 </dependency>
26
27 <dependency>
28 <groupId>org.springframework.boot</groupId>
29 <artifactId>spring-boot-starter-test</artifactId>
30 <scope>test</scope>
31 </dependency>
32
33 <dependency>
34 <groupId>org.mybatis.spring.boot</groupId>
35 <artifactId>mybatis-spring-boot-starter</artifactId>
36 <version>1.1.1</version>
37 </dependency>
38
39 <dependency>
40 <groupId>org.springframework.boot</groupId>
41 <artifactId>spring-boot-starter-web</artifactId>
42 </dependency>
43
44 <dependency>
45 <groupId>commons-dbcp</groupId>
46 <artifactId>commons-dbcp</artifactId>
47 </dependency>
48
49 <dependency>
50 <groupId>com.oracle</groupId>
51 <artifactId>ojdbc14</artifactId>
52 <version>10.2.0.3.0</version>
53 </dependency>
54
55
56 <dependency>
57 <groupId>org.springframework.boot</groupId>
58 <artifactId>spring-boot-starter-thymeleaf</artifactId>
59 </dependency>
60
61
62 </dependencies>
63
64 <build>
65 <plugins>
66 <plugin>
67 <groupId>org.springframework.boot</groupId>
68 <artifactId>spring-boot-maven-plugin</artifactId>
69 </plugin>
70 <plugin>
71 <groupId>org.apache.maven.plugins</groupId>
72 <artifactId>maven-surefire-plugin</artifactId>
73 <configuration>
74 <skip>true</skip>
75 </configuration>
76 </plugin>
77 </plugins>
78 </build>
79
80
81 </project>
View Code
2. AppTest.java
package com; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class AppTest { public static void main(String[] args) { SpringApplication.run(AppTest.class, args); } }View Code
3.User.java
package com.entity; public class User { private String username; private String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } @Override public String toString() { return "User [username=" + username + ", password=" + password + "]"; } }View Code
4.UserController.java
package com.controller; import java.security.SecureRandom; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import javax.servlet.http.HttpServletRequest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import com.dao.UserDao; import com.entity.User; @Controller public class UserController { @Autowired private UserDao userDao; @RequestMapping("/regist") public String regist() { return "regist"; } @RequestMapping("/login") public String login() { return "login"; } @RequestMapping("/success") public String success(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); userDao.save(username, password); return "success"; } @RequestMapping("/Loginsuccess") public String successLogin(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); ///123456 User user = userDao.findByUname(username); if(user.getPassword().equals(password)) { return "successLogin"; } return "failure"; } }View Code
5.UserDao.java
package com.dao; import org.apache.ibatis.annotations.Insert; import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Select; import com.entity.User; @Mapper public interface UserDao { @Insert("INSERT INTO LOGIN_NINE VALUES(#{username}, #{password})") void save(@Param("username")String username,@Param("password")String password); @Select("SELECT * FROM LOGIN_NINE WHERE username= #{username}") User findByUname(@Param("username")String username); }View Code
6.application.properties
spring.datasource.url=jdbc:oracle:thin:@10.236.4.251:1521:orcl spring.datasource.username=hello spring.datasource.password=lisa spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriverapplication.properties
7.還有一些靜態HTML
(1.)regist.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>註冊</title> <style type="text/css"> h1 { text-align:center; font-size:35px; color:red; } div { text-align:center; } div input { margin:10px; } </style> </head> <body> <h1>註冊賬號</h1> <div> <form action="success" method="post"> 用戶名<input type="text" name="username"/> <br/> 密碼<input type="password" name = "password"/> <br/> <input type="submit" value="提交"/> <input type="reset"/> </form> </div> </body> </html>View Code
(2.)login.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>登錄</title> <style type="text/css"> h1 { text-align:center; font-size:35px; color:red; } div { text-align:center; } div input { margin:10px; } </style> </head> <body> <h1>歡迎登錄</h1> <div> <form action="Loginsuccess" method="post"> 請輸入用戶名<input type="text" name="username"/> <br/> 請輸入密碼<input type="password" name = "password"/> <br/> <input type="submit" value="提交"/> <input type="reset"/> <br/> <a href="/regist">註冊賬號</a> </form> </div> </body> </html>View Code
(3.)success.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>註冊成功</title> <style type="text/css"> h1 { text-align:center; font-size:60px; color:green; } span { font-size:30px; color:green; } </style> </head> <body> <h1>註冊成功</h1> <a href="/login">返回登錄</a> </body> </html>View Code
(4.)failure.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>登錄失敗</title> </head> <body> 登錄失敗 </body> </html>View Code
(5.)successLogin.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>成功</title> </head> <body> success </body> </html>View Code
代碼的格式如下:
完成了這一步的話首先運行一下AppTest看是否出錯,如果有錯,自己找原因,這裡就不和大家討論了,寫了這麼多,才要要進入正題了
本文采取的是EDS的加密解密方法,方法也很簡單,不用添加額外的jar包,只需要在UserController上做出簡單的修改就可以了:
*****UserController.java
package com.controller; import java.security.SecureRandom; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import javax.servlet.http.HttpServletRequest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import com.dao.UserDao; import com.entity.User; @Controller public class UserController { @Autowired private UserDao userDao; @RequestMapping("/regist") public String regist() { return "regist"; } @RequestMapping("/login") public String login() { return "login"; } /** * EDS的加密解密代碼 */ private static final byte[] DES_KEY = { 21, 1, -110, 82, -32, -85, -128, -65 }; @SuppressWarnings("restriction") public static String encryptBasedDes(String data) { String encryptedData = null; try { // DES演算法要求有一個可信任的隨機數源 SecureRandom sr = new SecureRandom(); DESKeySpec deskey = new DESKeySpec(DES_KEY); // 創建一個密匙工廠,然後用它把DESKeySpec轉換成一個SecretKey對象 SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); SecretKey key = keyFactory.generateSecret(deskey); // 加密對象 Cipher cipher = Cipher.getInstance("DES"); cipher.init(Cipher.ENCRYPT_MODE, key, sr); // 加密,並把位元組數組編碼成字元串 encryptedData = new sun.misc.BASE64Encoder().encode(cipher.doFinal(data.getBytes())); } catch (Exception e) { // log.error("加密錯誤,錯誤信息:", e); throw new RuntimeException("加密錯誤,錯誤信息:", e); } return encryptedData; } @SuppressWarnings("restriction") public static String decryptBasedDes(String cryptData) { String decryptedData = null; try { // DES演算法要求有一個可信任的隨機數源 SecureRandom sr = new SecureRandom(); DESKeySpec deskey = new DESKeySpec(DES_KEY); // 創建一個密匙工廠,然後用它把DESKeySpec轉換成一個SecretKey對象 SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); SecretKey key = keyFactory.generateSecret(deskey); // 解密對象 Cipher cipher = Cipher.getInstance("DES"); cipher.init(Cipher.DECRYPT_MODE, key, sr); // 把字元串進行解碼,解碼為為位元組數組,並解密 decryptedData = new String(cipher.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(cryptData))); } catch (Exception e) { throw new RuntimeException("解密錯誤,錯誤信息:", e); } return decryptedData; } @RequestMapping("/success") public String success(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); String s1 = encryptBasedDes(password); userDao.save(username, s1); return "success"; } @RequestMapping("/Loginsuccess") public String successLogin(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); ///123456 User user = userDao.findByUname(username); if(decryptBasedDes(user.getPassword()).equals(password)) { return "successLogin"; } return "failure"; } }View Code
此時,直接運行Apptest.java,然後在瀏覽器輸入地址:localhost:8080/regist 註冊新的賬號(我輸入的是用戶名:小明 密碼:123456),如圖
此時查看資料庫信息
你就會發現密碼實現了加密
當然,下次登陸的時候直接輸入相應的賬號和密碼即可完成登錄,實現瞭解碼的過程
不知道大家完成的怎麼樣了,如果出現問題,可以在下麵進行留言,我會為大家進行解答.
