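  • Encryption Algorithms for Login and Registration

    Whether the project is a CMS, CRM, ERP, B2B system or anything else, login and registration always involve encryption: the password is encrypted at registration, and at login the encrypted values are compared. Security is the top priority at all times.

    Below is the encryption I personally use most. Encryption can be reversible or irreversible; at present the irreversible kind (one-way hashing) offers the higher level of security. The plaintext can of course still be recovered by technical means, but there are many ways to push the difficulty of cracking quite high, so that an attacker needs a long time to crack it, which keeps users' accounts secure to a certain degree.

    Framework: Spring + SpringMVC + MyBatis Plus or MyBatis

    JDK version: JDK 6 or later (this example assumes JDK 8)

    MySQL version: 5.7 (5.5 should also work)

    Maven project: Maven 3 or later

    Java utility class code: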

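    import org.mindrot.jbcrypt.BCrypt;

    public class Tools {

        /**
         * Hash a password with bcrypt (work factor 12, new random salt on every call)
         */
        public static String bcryptPwd(String pwd) {
            return BCrypt.hashpw(pwd, BCrypt.gensalt(12));
        }

        /**
         * Verify a password
         * pwd: the plaintext password submitted by the user
         * hashed: the bcrypt hash stored at registration
         */
        public static boolean checkPwd(String pwd, String hashed) {
            try {
                return BCrypt.checkpw(pwd, hashed);
            } catch (Exception e) {
                // a null or malformed stored hash counts as a failed check
                e.printStackTrace();
                return false;
            }
        }
    }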

    Dependency to add to pom.xml:

        <dependency>
            <groupId>org.mindrot</groupId>
            <artifactId>jbcrypt</artifactId>
            <version>0.4</version>
        </dependency>
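
    Added example, not part of the original article: the class below uses the same jBCrypt calls to show that each call yields a different salted hash, how the work factor is read back from a stored hash, and how a login can re-hash a password that was stored at a lower cost. The class name `PasswordPolicy`, its method names and the 72-byte length check are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import org.mindrot.jbcrypt.BCrypt;

public class PasswordPolicy {                 // hypothetical name, not from the article
    static final int TARGET_COST = 12;        // work factor used by bcryptPwd above
    static final int MAX_BYTES = 72;          // bcrypt ignores key bytes past the 72nd

    static boolean tooLong(String pwd) {
        return pwd.getBytes(StandardCharsets.UTF_8).length > MAX_BYTES;
    }

    // Work factor of a stored hash "$2a$<cost>$<22-char salt><31-char hash>", -1 if malformed.
    static int costOf(String hashed) {
        if (hashed == null) return -1;
        String[] p = hashed.split("\\$");     // ["", "2a", "12", "<53 chars>"]
        if (p.length != 4 || !p[1].startsWith("2")) return -1;
        if (p[2].length() != 2 || p[3].length() != 53) return -1;
        try {
            return Integer.parseInt(p[2]);
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    // Registration: refuse input that bcrypt would silently truncate.
    static String hash(String pwd) {
        if (tooLong(pwd)) throw new IllegalArgumentException("password exceeds 72 bytes");
        return BCrypt.hashpw(pwd, BCrypt.gensalt(TARGET_COST));
    }

    // Login: null on failure; otherwise the hash to store from now on, which is a
    // fresh one when the stored hash was made with a cost below TARGET_COST.
    static String verifyAndUpgrade(String pwd, String stored) {
        int cost = costOf(stored);
        if (pwd == null || tooLong(pwd) || cost < 0) return null;
        if (!BCrypt.checkpw(pwd, stored)) return null;
        return cost < TARGET_COST ? hash(pwd) : stored;
    }

    public static void main(String[] args) {
        String pwd = "constructed-sample-password";              // constructed test value
        String a = hash(pwd), b = hash(pwd);
        System.out.println("same hash twice: " + a.equals(b));   // salt is random per call
        String old = BCrypt.hashpw(pwd, BCrypt.gensalt(10));     // legacy, cheaper hash
        String kept = verifyAndUpgrade(pwd, old);
        System.out.println("cost " + costOf(old) + " -> " + costOf(kept));
        System.out.println("wrong password: " + verifyAndUpgrade("wrong", old));
    }
}
```

    When `verifyAndUpgrade` returns a string different from the stored one, the caller writes it back to the credential column.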

    Controller code:

    Registration code:

    /**
     * Account registration
     * @param request
     * @return
     */
    @RequestMapping(value="/register",method=RequestMethod.POST,produces = "application/json;charset=utf-8")
    @ResponseBody
    public Map<String,Object> appRegister(HttpServletRequest request) {

        String mobile = request.getParameter("phone");
        String password = request.getParameter("password");
        String realName = request.getParameter("name");

        // the plaintext password is never written to the log
        logger.info("mobile = " + mobile + ", realName = " + realName);

        Map<String, Object> returnMap = new HashMap<String, Object>();

        if(StringUtils.isEmpty(mobile) || StringUtils.isEmpty(password) || StringUtils.isEmpty(realName)) {
            returnMap.put("returnCode", "200033");
            returnMap.put("returnMsg", "缺少参数"); // "missing parameter"
        }else {

            try {

                // check whether this mobile number is already registered
                UserEntity user = userService.selectByMobile(mobile);
                if(user != null) {
                    returnMap.put("returnCode", "111111");
                    returnMap.put("returnMsg", "该用户已存在"); // "user already exists"
                }else {
                    Map<String, Object> map = new HashMap<String, Object>();
                    //password = Md5Utils.md5(password);
                    password = Tools.bcryptPwd(password);

                    map.put("mobile", mobile);
                    map.put("realName", realName);

                    String userIdNum = "";
                    UserEntity u = userService.selectUserEntityDESCId();
                    if(u == null) {
                        userIdNum = IdUtils.getUserIdNum();
                    }else {
                        int parseInt = Integer.parseInt(u.getUserId());
                        userIdNum = ++parseInt + "";
                        logger.info("userIdNum = " + userIdNum);
                    }
                    map.put("userId", userIdNum);

                    // insert the new user
                    boolean result = userService.insertUserEntity(map);

                    map.put("credential", password);
                    // login type: mobile phone
                    map.put("identityType", Consts.IDENTITY_TYPE_1);
                    // account status: normal (not yet approved)
                    map.put("status", Consts.STATUS_0);
                    // login account name: the mobile number
                    map.put("identifier", mobile);

                    SimpleDateFormat df = new SimpleDateFormat("yy-MM-dd HH:mm:ss");
                    String date = df.format(new Date());
                    map.put("registerTime", date);

                    // save the row in the user authorization table
                    boolean usera = userAuthsService.insertUserAuthsEntity(map);

                    if(result && usera) {

                        returnMap.put("returnCode", "000000");
                        returnMap.put("returnMsg", "success");
                        logger.info("注册成功"); // "registration succeeded"

                        // the map is sent back to the client, so drop the bcrypt hash first
                        map.remove("credential");
                        returnMap.put("data", map);
                    }else {
                        returnMap.put("returnCode", "111111");
                        returnMap.put("returnMsg", "注册失败"); // "registration failed"
                        logger.error("注册失败");
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
                returnMap.put("returnCode", "111111");
                returnMap.put("returnMsg", "系统异常"); // "system error"
                logger.error("系统异常");
            }

        }

        return returnMap;
    }
        

    Login code:

    /**
     * Login verification
     * @param mobile
     * @param password
     * @return
     */
    @PostMapping(value="/Login")
    public String Login(String mobile,String password,HttpServletResponse response) {
        logger.info("用户手机号:"+mobile); // "user mobile number"
        // the submitted password and the stored hash are never written to the log

        Map<String,Object> map = new HashMap<String,Object>();

        // look up the user, then the matching credential record
        EntityWrapper<UserEntity> wrapper = new EntityWrapper<UserEntity>();
        wrapper.eq("mobile", mobile);
        UserEntity user = userService.selectOne(wrapper);

        UserAuthsEntity userAuth = null;
        if(user != null) {
            EntityWrapper<UserAuthsEntity> wrapper2 = new EntityWrapper<UserAuthsEntity>();
            wrapper2.eq("identifier", user.getMobile());
            userAuth = userAuthsService.selectOne(wrapper2);
            logger.info("userEntity:"+user.getMobile());
        }
        if(userAuth != null) {
            logger.info("status:"+userAuth.getStatus());
        }

        // account and password checks
        if(user == null || userAuth == null) {
            // unknown mobile number: answer with an error code instead of a NullPointerException
            map.put("returnCode", "111111");
            map.put("returnMsg","手机号有误"); // "wrong mobile number"
        }else if(userAuth.getStatus().equals(0)||userAuth.getStatus().equals(2)) {
            map.put("returnCode", "333333");
            map.put("returnMsg","没有权限访问"); // "no permission to access"
        }else if(!userAuth.getIdentifier().equals(mobile)) {
            map.put("returnCode", "111111");
            map.put("returnMsg","手机号有误"); // "wrong mobile number"
        }else if(!Tools.checkPwd(password, userAuth.getCredential())) {
            map.put("returnCode", "222222");
            map.put("returnMsg","密码错误"); // "wrong password"
        }else{
            map.put("returnCode", "000000");
            map.put("returnMsg","通过验证"); // "verification passed"
            map.put("user", user);
            // userAuth is not returned: it carries the bcrypt hash (credential)
        }
        return JSON.toJSONString(map);
    }
        

    Note that the back-end Controller code above is called from the front end via AJAX.

  • Original article: https://www.cnblogs.com/youcong/p/9168922.html