Springboot实现密码加密解密的示例分析
短信预约 -IT技能 免费直播动态提醒
这篇文章主要介绍了Springboot实现密码加密解密的示例分析,具有一定借鉴价值,感兴趣的朋友可以参考下,希望大家阅读完这篇文章之后大有收获,下面让小编带着大家一起了解一下。
现今对于大多数公司来说,信息安全工作尤为重要,就像京东,阿里巴巴这样的大公司来说,信息安全是最为重要的一个话题,举个简单的例子:
就像这样的密码公开化,很容易造成一定的信息的泄露。所以今天我们要讲的就是如何来实现密码的加密和解密来提高数据的安全性。
在这首先要引入springboot融合mybatis的知识,如果有这方面不懂得同学,就要首先看一看这方面的知识:
推荐大家一个比较好的博客: 程序猿DD-翟永超 http://blog.didispace.com/springbootmybatis/
为了方便大家的学习,我直接将源代码上传:
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.ninemax</groupId> <artifactId>spring-Login-test</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.3.2.RELEASE</version> <relativePath/> </parent> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>1.1.1</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>commons-dbcp</groupId> <artifactId>commons-dbcp</artifactId> </dependency> <dependency> <groupId>com.oracle</groupId> <artifactId>ojdbc14</artifactId> <version>10.2.0.3.0</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <configuration> <skip>true</skip> </configuration> </plugin> </plugins> </build> </project>AppTest.java
package com;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;@SpringBootApplicationpublic class AppTest { public static void main(String[] args) { SpringApplication.run(AppTest.class, args); } }User.java
package com.entity;public class User { private String username; private String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } @Override public String toString() { return "User [username=" + username + ", password=" + password + "]"; }}UserController.java
package com.controller;import java.security.SecureRandom;import javax.crypto.Cipher;import javax.crypto.SecretKey;import javax.crypto.SecretKeyFactory;import javax.crypto.spec.DESKeySpec;import javax.servlet.http.HttpServletRequest;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import com.dao.UserDao;import com.entity.User;@Controllerpublic class UserController { @Autowired private UserDao userDao; @RequestMapping("/regist") public String regist() { return "regist"; } @RequestMapping("/login") public String login() { return "login"; } @RequestMapping("/success") public String success(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); userDao.save(username, password); return "success"; } @RequestMapping("/Loginsuccess") public String successLogin(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); ///123456 User user = userDao.findByUname(username); if(user.getPassword().equals(password)) { return "successLogin"; } return "failure"; }}UserDao.java
package com.dao;import org.apache.ibatis.annotations.Insert;import org.apache.ibatis.annotations.Mapper;import org.apache.ibatis.annotations.Param;import org.apache.ibatis.annotations.Select;import com.entity.User;@Mapperpublic interface UserDao { @Insert("INSERT INTO LOGIN_NINE VALUES(#{username}, #{password})") void save(@Param("username")String username,@Param("password")String password); @Select("SELECT * FROM LOGIN_NINE WHERE username= #{username}") User findByUname(@Param("username")String username);}application.properties
spring.datasource.url=jdbc:oracle:thin:@10.236.4.251:1521:orclspring.datasource.username=hellospring.datasource.password=lisaspring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver还有一些静态HTML
(1.)regist.html
<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>注册</title><style type="text/css"> h2 { text-align:center; font-size:35px; color:red; } div { text-align:center; } div input { margin:10px; }</style></head><body> <h2>注册账号</h2> <div> <form action="success" method="post"> 用户名<input type="text" name="username"/> <br/> 密码<input type="password" name = "password"/> <br/> <input type="submit" value="提交"/> <input type="reset"/> </form> </div></body></html>(2.)login.html
<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>登录</title><style type="text/css"> h2 { text-align:center; font-size:35px; color:red; } div { text-align:center; } div input { margin:10px; } </style></head><body> <h2>欢迎登录</h2> <div> <form action="Loginsuccess" method="post"> 请输入用户名<input type="text" name="username"/> <br/> 请输入密码<input type="password" name = "password"/> <br/> <input type="submit" value="提交"/> <input type="reset"/> <br/> <a href="/regist" rel="external nofollow" >注册账号</a> </form> </div></body></html>(3.)success.html
<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>注册成功</title><style type="text/css"> h2 { text-align:center; font-size:60px; color:green; } span { font-size:30px; color:green; }</style></head><body><h2>注册成功</h2><a href="/login" rel="external nofollow" >返回登录</a></body></html>(4.)failure.html
<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>登录失败</title></head><body> 登录失败</body></html>(5.)successLogin.html
<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>成功</title></head><body> success</body></html>代码的格式如下:
完成了这一步的话首先运行一下AppTest看是否出错,如果有错,自己找原因,这里就不和大家讨论了,写了这么多,才要要进入正题了
本文采取的是EDS的加密解密方法,方法也很简单,不用添加额外的jar包,只需要在UserController上做出简单的修改就可以了:
*****UserController.java
package com.controller;import java.security.SecureRandom;import javax.crypto.Cipher;import javax.crypto.SecretKey;import javax.crypto.SecretKeyFactory;import javax.crypto.spec.DESKeySpec;import javax.servlet.http.HttpServletRequest;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import com.dao.UserDao;import com.entity.User;@Controllerpublic class UserController { @Autowired private UserDao userDao; @RequestMapping("/regist") public String regist() { return "regist"; } @RequestMapping("/login") public String login() { return "login"; } private static final byte[] DES_KEY = { 21, 1, -110, 82, -32, -85, -128, -65 }; @SuppressWarnings("restriction") public static String encryptBasedDes(String data) { String encryptedData = null; try { // DES算法要求有一个可信任的随机数源 SecureRandom sr = new SecureRandom(); DESKeySpec deskey = new DESKeySpec(DES_KEY); // 创建一个密匙工厂,然后用它把DESKeySpec转换成一个SecretKey对象 SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); SecretKey key = keyFactory.generateSecret(deskey); // 加密对象 Cipher cipher = Cipher.getInstance("DES"); cipher.init(Cipher.ENCRYPT_MODE, key, sr); // 加密,并把字节数组编码成字符串 encryptedData = new sun.misc.BASE64Encoder().encode(cipher.doFinal(data.getBytes())); } catch (Exception e) { // log.error("加密错误,错误信息:", e); throw new RuntimeException("加密错误,错误信息:", e); } return encryptedData; } @SuppressWarnings("restriction") public static String decryptBasedDes(String cryptData) { String decryptedData = null; try { // DES算法要求有一个可信任的随机数源 SecureRandom sr = new SecureRandom(); DESKeySpec deskey = new DESKeySpec(DES_KEY); // 创建一个密匙工厂,然后用它把DESKeySpec转换成一个SecretKey对象 SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); SecretKey key = keyFactory.generateSecret(deskey); // 解密对象 Cipher cipher = Cipher.getInstance("DES"); cipher.init(Cipher.DECRYPT_MODE, key, sr); // 把字符串进行解码,解码为为字节数组,并解密 decryptedData = new String(cipher.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(cryptData))); } catch (Exception e) { throw new RuntimeException("解密错误,错误信息:", e); } return decryptedData; } @RequestMapping("/success") public String success(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); String s1 = encryptBasedDes(password); userDao.save(username, s1); return "success"; } @RequestMapping("/Loginsuccess") public String successLogin(HttpServletRequest request) { String username = request.getParameter("username"); String password = request.getParameter("password"); ///123456 User user = userDao.findByUname(username); if(decryptBasedDes(user.getPassword()).equals(password)) { return "successLogin"; } return "failure"; }}此时,直接运行Apptest.java,然后在浏览器输入地址:localhost:8080/regist 注册新的账号(我输入的是用户名:小明 密码:123456),如图
此时查看数据库信息
你就会发现密码实现了加密。
当然,下次登陆的时候直接输入相应的账号和密码即可完成登录,实现了解码的过程。
springboot是什么
springboot一种全新的编程规范,其设计目的是用来简化新Spring应用的初始搭建以及开发过程,SpringBoot也是一个服务于框架的框架,服务范围是简化配置文件。
感谢你能够认真阅读完这篇文章,希望小编分享的“Springboot实现密码加密解密的示例分析”这篇文章对大家有帮助,同时也希望大家多多支持编程网,关注编程网行业资讯频道,更多相关知识等着你来学习!
免责声明:
① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。
② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
