15.1、原理步骤
- 注册:注册时,将用户密码加密放入数据库
- 登录:登录时,将用户密码采用上述相同的算法加密,之后再与数据库中的信息进行比对,若相同,则登录
15.2、实现(这里采用了SHA256算法,其他摘要算法MD5/SHA1/MAC类似)
注意:这里的程序是在我之前写的一个maven+spring+springmvc+mybatis+velocity整合的文章上进行的修改,具体的框架搭建以及数据库表结构等就不再啰嗦了,自己参考下边这篇博客:
http://www.cnblogs.com/java-zhao/p/5096811.html
这里只列出Java类。整个代码结构如下:
UserController
1 package com.xxx.web; 2 3 import org.springframework.beans.factory.annotation.Autowired; 4 import org.springframework.stereotype.Controller; 5 import org.springframework.web.bind.annotation.RequestMapping; 6 import org.springframework.web.bind.annotation.RequestParam; 7 import org.springframework.web.bind.annotation.ResponseBody; 8 import org.springframework.web.servlet.ModelAndView; 9 10 import com.xxx.model.User; 11 import com.xxx.service.UserService; 12 13 @Controller 14 @RequestMapping("user") 15 public class UserController { 16 17 @Autowired 18 private UserService userService; 19 20 @ResponseBody 21 @RequestMapping("register") 22 public boolean register(@RequestParam("username") String username, 23 @RequestParam("password") String password){ 24 25 return userService.register(username, password); 26 } 27 28 @RequestMapping("login") 29 public ModelAndView login(@RequestParam("username") String username, 30 @RequestParam("password") String password){ 31 User user = userService.login(username, password); 32 33 ModelAndView modelAndView = new ModelAndView(); 34 if(user == null){ 35 modelAndView.addObject("message", "用户不存在或者密码错误!请重新输入"); 36 modelAndView.setViewName("error"); 37 }else{ 38 modelAndView.addObject("user", user); 39 modelAndView.setViewName("userinfo"); 40 } 41 42 return modelAndView; 43 } 44 }
UserService(这里是加解密的主战场)
1 package com.xxx.service; 2 3 import java.io.UnsupportedEncodingException; 4 import java.security.NoSuchAlgorithmException; 5 6 import org.springframework.beans.factory.annotation.Autowired; 7 import org.springframework.stereotype.Service; 8 9 import com.util.encoder.ShaEncoder; 10 import com.xxx.dao.UserDAO; 11 import com.xxx.model.User; 12 13 @Service 14 public class UserService { 15 16 @Autowired 17 private UserDAO userDao; 18 19 public boolean register(String username, String password){ 20 User user = new User(); 21 user.setUsername(username); 22 try { 23 user.setPassword(ShaEncoder.encodeSHAHex(password));//对密码进行sha256加密 24 } catch (NoSuchAlgorithmException e) { 25 e.printStackTrace(); 26 } catch (UnsupportedEncodingException e) { 27 e.printStackTrace(); 28 } 29 return userDao.register(user); 30 } 31 32 public User login(String username, String password) { 33 User user = null; 34 try { 35 user = userDao.login(username, ShaEncoder.encodeSHAHex(password));//对密码进行sha256加密 36 } catch (NoSuchAlgorithmException e) { 37 e.printStackTrace(); 38 } catch (UnsupportedEncodingException e) { 39 e.printStackTrace(); 40 } 41 return user; 42 } 43 }
UserDAO
1 package com.xxx.dao; 2 3 import org.springframework.beans.factory.annotation.Autowired; 4 import org.springframework.stereotype.Repository; 5 6 import com.xxx.mapper.UserMapper; 7 import com.xxx.model.User; 8 9 @Repository 10 public class UserDAO { 11 12 @Autowired 13 private UserMapper userMapper; 14 15 public boolean register(User user){ 16 return userMapper.insertUser(user)==1?true:false; 17 } 18 19 public User login(String username ,String password){ 20 return userMapper.selectByUsernameAndPwd(username, password); 21 } 22 }
UserMapper
1 package com.xxx.mapper; 2 3 import org.apache.ibatis.annotations.Insert; 4 import org.apache.ibatis.annotations.Param; 5 import org.apache.ibatis.annotations.Result; 6 import org.apache.ibatis.annotations.Results; 7 import org.apache.ibatis.annotations.Select; 8 9 import com.xxx.model.User; 10 11 public interface UserMapper { 12 13 @Insert("INSERT INTO userinfo(username, password) VALUES(#{username},#{password})") 14 public int insertUser(User user); 15 16 @Select("SELECT * FROM userinfo WHERE username = #{username} AND password = #{password}") 17 @Results(value = { @Result(id = true, column = "id", property = "id"), 18 @Result(column = "username", property = "username"), 19 @Result(column = "password", property = "password")}) 20 public User selectByUsernameAndPwd(@Param("username")String username ,@Param("password")String password); 21 }
ShaEncoder(这里基于Commons Codec,即CC实现的Sha256工具类)
1 package com.util.encoder; 2 3 import java.io.UnsupportedEncodingException; 4 import java.security.NoSuchAlgorithmException; 5 import org.apache.commons.codec.digest.DigestUtils; 6 7 public class ShaEncoder { 8 private static final String ENCODING = "UTF-8"; 9 10 public static String encodeSHAHex(String data) throws NoSuchAlgorithmException,UnsupportedEncodingException { 11 return new String(DigestUtils.sha256Hex(data.getBytes(ENCODING))); 12 } 13 }
代码简单易懂,自己去看逻辑,然后进行测试即可。
当然我们还可以在上述代码的基础上,为密码加一点盐(即用一个字符串与密码相连),然后对加盐后的字符串进行加密。代码如下:
1 package com.xxx.service; 2 3 import java.io.UnsupportedEncodingException; 4 import java.security.NoSuchAlgorithmException; 5 6 import org.springframework.beans.factory.annotation.Autowired; 7 import org.springframework.stereotype.Service; 8 9 import com.util.encoder.ShaEncoder; 10 import com.xxx.dao.UserDAO; 11 import com.xxx.model.User; 12 13 @Service 14 public class UserService { 15 16 private static final String SALT = "nana";//盐 17 18 @Autowired 19 private UserDAO userDao; 20 21 public boolean register(String username, String password){ 22 User user = new User(); 23 user.setUsername(username); 24 try { 25 user.setPassword(ShaEncoder.encodeSHAHex(SALT+password));//对加盐的密码进行sha256加密 26 } catch (NoSuchAlgorithmException e) { 27 e.printStackTrace(); 28 } catch (UnsupportedEncodingException e) { 29 e.printStackTrace(); 30 } 31 return userDao.register(user); 32 } 33 34 public User login(String username, String password) { 35 User user = null; 36 try { 37 user = userDao.login(username, ShaEncoder.encodeSHAHex(SALT+password));//对加盐的密码进行sha256加密 38 } catch (NoSuchAlgorithmException e) { 39 e.printStackTrace(); 40 } catch (UnsupportedEncodingException e) { 41 e.printStackTrace(); 42 } 43 return user; 44 } 45 }