发表于: 2017-05-04 23:30:57
今天完成的事:
1、用DES对“ID+当前系统时间”进行加密生成token放入cookie中,使用MD5对用户密码做哈希(摘要)后存入数据库
2、使用拦截器拦截包含/u/字段的URL,判断token的有效性
@Component
public class DesUtil {
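/**
 * Encrypts {@code datasource} with single DES under a key built from {@code password}.
 *
 * <p>NOTE(security): DES has a 56-bit key, and the transformation used here is ECB with
 * no integrity protection, so the ciphertext is not tamper-evident and should not be
 * treated as proof of who produced it. The algorithm is kept so that values written by
 * earlier versions still decrypt. For an authentication token prefer a server-side
 * session, or an authenticated construction (HMAC-SHA-256 or AES-GCM) with a key loaded
 * from configuration rather than from source code.
 *
 * @param datasource plaintext to encrypt; encoded as UTF-8
 * @param password   key material; {@code DESKeySpec} needs at least 8 bytes and uses the first 8
 * @return the ciphertext, or {@code null} when an argument is null or encryption fails
 */
public static byte[] encrypt(String datasource, String password) {
    if (datasource == null || password == null) {
        return null;
    }
    try {
        // Explicit charset: the platform default differs between JVMs and would change the key bytes.
        DESKeySpec keySpec = new DESKeySpec(password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        SecretKey secretKey = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
        // Spelled out so mode and padding are visible; on the default JCE provider the bare
        // "DES" name resolves to this same transformation. ECB takes no IV or random source.
        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        return cipher.doFinal(datasource.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (java.security.GeneralSecurityException e) {
        // Callers of this method already expect null on failure; keep that contract.
        e.printStackTrace();
        return null;
    }
}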
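/**
 * Decrypts a single-DES ciphertext produced with the same {@code password}.
 *
 * <p>NOTE(security): a successful decryption does not show that the ciphertext was
 * produced by this application. DES/ECB carries no authentication tag, so callers must
 * validate the recovered plaintext themselves and must not use "it decrypted" as an
 * authorization decision.
 *
 * @param src      ciphertext bytes; the length must be a multiple of the 8-byte DES block
 * @param password key material; {@code DESKeySpec} needs at least 8 bytes and uses the first 8
 * @return the recovered plaintext bytes
 * @throws Exception if the key is too short, or the ciphertext length or padding is invalid
 */
public static byte[] decrypt(byte[] src, String password) throws Exception {
    // Explicit charset so the key bytes do not depend on the JVM's platform default.
    DESKeySpec keySpec = new DESKeySpec(password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    SecretKey secretKey = SecretKeyFactory.getInstance("DES").generateSecret(keySpec);
    // Spelled out so mode and padding are visible; on the default JCE provider the bare
    // "DES" name resolves to this same transformation. ECB takes no IV or random source.
    Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    return cipher.doFinal(src);
}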
public class MD5Util {
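/**
 * Returns the MD5 digest of {@code string} as lower-case hexadecimal text.
 *
 * <p>NOTE(security): an unsalted MD5 digest is not suitable for storing passwords; it is
 * fast to compute and identical passwords give identical values. Use a password hashing
 * scheme such as bcrypt, scrypt, Argon2 or PBKDF2 with a per-user salt, and migrate
 * stored values when users next log in.
 *
 * <p>NOTE(review): the digest is 16 bytes (32 hex digits), but formatting it through
 * {@code BigInteger} drops leading zeros, so the result can be shorter than 32
 * characters. That output is kept unchanged here because values already stored were
 * presumably produced the same way; zero-padding needs a data migration.
 *
 * @param string text to hash; encoded as UTF-8
 * @return the hexadecimal digest, without leading zeros
 * @throws IllegalStateException if the runtime provides no MD5 implementation
 */
public static String stringToMD5(String string) {
    MessageDigest md;
    try {
        md = MessageDigest.getInstance("MD5");
    } catch (NoSuchAlgorithmException e) {
        // Fail with the cause attached instead of continuing with a null digest.
        throw new IllegalStateException("MD5 MessageDigest is not available", e);
    }
    // Explicit charset so the same text hashes identically on every JVM.
    byte[] digest = md.digest(string.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    return new BigInteger(1, digest).toString(16);
}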
public class LoginInterceptor implements HandlerInterceptor {
// Logger for this interceptor.
Logger log=Logger.getLogger(LoginInterceptor.class);
// Injected dependency; not referenced by the interceptor code visible in this listing.
@Autowired
private StudentService studentService;
// Injected dependency; preHandle uses it to look up the user id carried in the token.
@Autowired
UserService userService;
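// Server-side lifetime of a token; matches the 24 hour cookie max-age set at login.
private static final long TOKEN_MAX_AGE_MILLIS = 24L * 60 * 60 * 1000;

/**
 * Lets a request through only when it carries a {@code token} cookie that decrypts to
 * {@code "<userId>=<issuedAtMillis>"}, is not older than {@link #TOKEN_MAX_AGE_MILLIS},
 * and names an existing user. Every other request is redirected to the login page and
 * the handler is not executed.
 *
 * <p>NOTE(security): the token key is a literal in source and the cipher provides no
 * integrity protection, so this check is only as strong as the secrecy of that literal.
 * Move the key to configuration and switch to an authenticated token or a server-side
 * session.
 *
 * @return {@code true} to continue to the handler, {@code false} after redirecting
 * @throws Exception if the redirect or the user lookup fails
 */
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
    log.info("拦截器被调用");
    Cookie[] cookies = httpServletRequest.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("token".equals(cookie.getName()) && isTokenValid(cookie.getValue())) {
                return true;
            }
        }
    }
    httpServletRequest.getSession();
    // NOTE(review): scheme, host and port come from the request; consider a configured
    // base URL so the redirect target does not depend on client-supplied headers.
    String contextpath = httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName()
            + ":" + httpServletRequest.getServerPort() + httpServletRequest.getContextPath();
    httpServletResponse.sendRedirect(contextpath + "/login");
    // The response is already a redirect: returning true here would still run the
    // protected handler for an unauthenticated request.
    return false;
}

/** Decrypts and checks one token value; any malformed input counts as "not logged in". */
private boolean isTokenValid(String token) throws Exception {
    int userId;
    try {
        log.info("将cookie中的token进行解密中");
        byte[] plain = DesUtil.decrypt(TypeUtil.hexStringToByte(token), "12345678");
        String payload = new String(plain, java.nio.charset.StandardCharsets.UTF_8);
        int separator = payload.indexOf('=');
        if (separator <= 0) {
            return false;
        }
        userId = Integer.parseInt(payload.substring(0, separator));
        long issuedAt = Long.parseLong(payload.substring(separator + 1));
        long age = System.currentTimeMillis() - issuedAt;
        if (age < 0 || age > TOKEN_MAX_AGE_MILLIS) {
            return false;
        }
    } catch (Exception e) {
        // Cookie values are client-controlled: bad hex, bad padding or a non-numeric
        // field is an invalid token, not a server error. Token contents are not logged.
        log.info("rejected malformed token cookie");
        return false;
    }
    // Kept outside the try block so a data-access failure is reported, not hidden.
    return userService.selectById(userId) != null;
}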
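/**
 * Checks the submitted credentials and, on success, issues the {@code token} cookie
 * ({@code "<userId>=<issuedAtMillis>"}, DES-encrypted and hex-encoded) before
 * redirecting to the home page.
 *
 * <p>NOTE(security): the password is matched through an unsalted MD5 digest and the
 * token key is a literal in source; both should be replaced (salted password hashing,
 * key from configuration). Also set {@code Secure} on the cookie once the site is
 * served over HTTPS only.
 *
 * @param UserName submitted user name
 * @param pwd      submitted password; never written to the log
 * @return {@code "redirect:/home"} on success, otherwise the {@code "login"} view
 */
@RequestMapping("/loginer")
public String login(
        HttpServletRequest request,
        HttpServletResponse response,
        @RequestParam String UserName,
        @RequestParam String pwd
) {
    // The password must not reach the log files.
    log.info("login方法被调用!name=" + UserName);
    User user = new User();
    user.setUserName(UserName);
    user.setPwd(MD5Util.stringToMD5(pwd));

    // Single lookup, checked for null before use: a failed login must render the
    // login view instead of failing with a NullPointerException.
    User found = userService.select(user);
    if (found == null) {
        return "login";
    }

    String source = found.getId() + "=" + System.currentTimeMillis();
    byte[] encrypted = DesUtil.encrypt(source, "12345678");
    if (encrypted == null) {
        // DesUtil.encrypt reports failure by returning null.
        log.info("token could not be created for login");
        return "login";
    }
    Cookie tokenCookie = new Cookie("token", TypeUtil.bytesToHexString(encrypted));
    tokenCookie.setMaxAge(60 * 60 * 24);
    // Keep the token out of reach of page scripts.
    tokenCookie.setHttpOnly(true);
    response.addCookie(tokenCookie);
    return "redirect:/home";
}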
<!-- Interceptor configuration -->
<mvc:interceptors>
<mvc:interceptor>
<!-- Matched against the URI path; with no mapping, or with /**, every controller is intercepted. -->
<!-- NOTE(review): in Ant-style patterns a single * matches one path segment, so /u/* covers /u/x but not /u/x/y. If everything under /u/ must pass through LoginInterceptor, /u/** is the pattern to use. Confirm against the controllers' mappings. -->
<mvc:mapping path="/u/*"/>
<bean class="com.jnshu.util.LoginInterceptor"></bean>
</mvc:interceptor>
<!-- With several interceptors configured, preHandle is called in declaration order, then postHandle and afterCompletion of each interceptor are called in reverse order. -->
</mvc:interceptors>
public class TypeUtil {
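/**
 * Converts a hexadecimal string into the bytes it encodes.
 *
 * <p>The input may come from a client-controlled value (a cookie), so it is validated
 * instead of being converted blindly: both upper- and lower-case digits are accepted,
 * anything else is rejected.
 *
 * @param hex hexadecimal text with an even number of characters
 * @return the decoded bytes; an empty array for an empty string
 * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
 */
public static byte[] hexStringToByte(String hex) {
    if (hex.length() % 2 != 0) {
        throw new IllegalArgumentException("hex string must have an even length");
    }
    byte[] result = new byte[hex.length() / 2];
    for (int i = 0; i < result.length; i++) {
        int pos = i * 2;
        result[i] = (byte) (toByte(hex.charAt(pos)) << 4 | toByte(hex.charAt(pos + 1)));
    }
    return result;
}

/** Returns the value (0-15) of one ASCII hex digit, rejecting every other character. */
private static byte toByte(char c) {
    if (c >= '0' && c <= '9') {
        return (byte) (c - '0');
    }
    if (c >= 'A' && c <= 'F') {
        return (byte) (c - 'A' + 10);
    }
    if (c >= 'a' && c <= 'f') {
        return (byte) (c - 'a' + 10);
    }
    // Previously an unknown character became -1 and silently corrupted the byte.
    throw new IllegalArgumentException("not a hexadecimal digit");
}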
/**
 * Renders a byte array as upper-case hexadecimal text, two characters per byte.
 *
 * @param bArray bytes to encode
 * @return the hexadecimal representation; an empty string for an empty array
 */
public static String bytesToHexString(byte[] bArray) {
    final String digits = "0123456789ABCDEF";
    StringBuilder hex = new StringBuilder(bArray.length * 2);
    for (byte value : bArray) {
        // Mask to 0-255 so negative bytes index the table correctly.
        int unsigned = value & 0xFF;
        hex.append(digits.charAt(unsigned >>> 4));
        hex.append(digits.charAt(unsigned & 0x0F));
    }
    return hex.toString();
}
明天计划的事:学习任务六
问题:在对t11页面的控制器RequestMapping添加/u/前缀后,t11页面加载不到静态文件(css、js、image):使用相对路径“../”能加载到,使用绝对路径却访问不到(同门那边使用绝对路径却可以访问)
收获:简单的MD5加密,DES加密解密,token,cookie,拦截器使用
总结:好好学习!