通常不論是cms或者crm或者erp或者b2b等項目,對於登錄注冊全部都是加密的,注冊對密碼加密,登錄比較加密后的密碼。安全性在任何時候都是最重要的。
下面貼一下我個人比較常用的加密,加密又分可逆與不可逆,目前安全系數比較高的就是不可逆,當然通過技術還算可以破解得到明文的,但是有很多方式可以使破解的難度系數達到比較高的值,這樣一來,部分黑客破解時,花費的時間周期就比較長,從而保證用戶的賬戶一定程度是安全的。
框架:Spring+SpringMVC+MyBatis Plus 或MyBatis
JDK版本:JDK6以上 (本示例應用條件是JDK8)
MySQL版本:5.7(5.5應該也是可以的)
Maven項目:Maven3以上
Java工具類代碼:
/** * 密碼加密 */ public static String bcryptPwd(String pwd) { return BCrypt.hashpw(pwd, BCrypt.gensalt(12)); } /** * 驗證密碼正確性 * pwd 用戶原來的密碼 hashed用戶新密碼 */ public static boolean checkPwd(String pwd, String hashed) { try { return BCrypt.checkpw(pwd, hashed); } catch (Exception e) { e.printStackTrace(); return false; } }
需要導入的pom文件:
<dependency> <groupId>org.mindrot</groupId> <artifactId>jbcrypt</artifactId> <version>0.4</version> </dependency>
Controller代碼:
注冊代碼:
/** * 賬戶注冊 * @param request * @return */ @RequestMapping(value="/register",method=RequestMethod.POST,produces = "application/json;charset=utf-8") @ResponseBody public Map<String,Object> appRegister(HttpServletRequest request) { String mobile = request.getParameter("phone"); String password = request.getParameter("password"); String realName = request.getParameter("name"); logger.info("mobile = " + mobile + ", password = " + password + ", realName = " + realName); Map<String, Object> returnMap = new HashMap<String, Object>(); if(StringUtils.isEmpty(mobile) || StringUtils.isEmpty(password) || StringUtils.isEmpty(realName)) { returnMap.put("returnCode", "200033"); returnMap.put("returnMsg", "缺少參數"); }else { try { //根據手機號查詢是否已注冊 UserEntity user = userService.selectByMobile(mobile); if(user != null) { returnMap.put("returnCode", "111111"); returnMap.put("returnMsg", "該用戶已存在"); }else { Map<String, Object> map = new HashMap<String, Object>(); //password = Md5Utils.md5(password); password = Tools.bcryptPwd(password); map.put("mobile", mobile); map.put("realName", realName); String userIdNum = ""; UserEntity u = userService.selectUserEntityDESCId(); if(u == null) { userIdNum = IdUtils.getUserIdNum(); }else { int parseInt = Integer.parseInt(u.getUserId()); userIdNum = ++parseInt + ""; System.out.println("parseInt = " + parseInt + ", userIdNum = " + userIdNum + ", parseInt+ = " + ++parseInt); } map.put("userId", userIdNum); //添加新用戶 boolean result = userService.insertUserEntity(map); map.put("credential", password); //登錄類型: 手機 map.put("identityType", Consts.IDENTITY_TYPE_1); //用戶賬號狀態 : 正常(未審批) map.put("status", Consts.STATUS_0); //登錄賬戶名 --- 手機號 map.put("identifier", mobile); SimpleDateFormat df = new SimpleDateFormat("yy-MM-dd HH:mm:ss"); String date= df.format(new Date()); map.put("registerTime", date); //保存用戶授權信息表 boolean usera = userAuthsService.insertUserAuthsEntity(map); if(result && usera) { returnMap.put("returnCode", "000000"); returnMap.put("returnMsg", "success"); logger.info("注冊成功"); returnMap.put("data", map); }else { returnMap.put("returnCode", "111111"); returnMap.put("returnMsg", "注冊失敗"); logger.error("注冊失敗"); } } } catch (Exception e) { e.printStackTrace(); returnMap.put("returnCode", "111111"); returnMap.put("returnMsg", "系統異常"); logger.error("系統異常"); } } return returnMap; }
登錄代碼:
/** * 登錄驗證功能 * @param mobile * @param password * @return */ @PostMapping(value="/Login") public String Login(String mobile,String password,HttpServletResponse response) { logger.info("用戶手機號:"+mobile); logger.info("用戶密碼:"+password); //調用方法 EntityWrapper<UserEntity> wrapper = new EntityWrapper<UserEntity>(); wrapper.eq("mobile", mobile); UserEntity user = userService.selectOne(wrapper); EntityWrapper<UserAuthsEntity> wrapper2 = new EntityWrapper<UserAuthsEntity>(); wrapper2.eq("identifier", user.getMobile()); UserAuthsEntity userAuth = userAuthsService.selectOne(wrapper2); logger.info("userEntity:"+user.getMobile()); logger.info("userAuth:"+userAuth.getCredential()); Map<String,Object> map = new HashMap<String,Object>(); //賬戶和密碼驗證 logger.info("status:"+userAuth.getStatus()); if(userAuth.getStatus().equals(0)||userAuth.getStatus().equals(2)) { map.put("returnCode", "333333"); map.put("returnMsg","沒有權限訪問"); }else if(!userAuth.getIdentifier().equals(mobile)) { map.put("returnCode", "111111"); map.put("returnMsg","手機號有誤"); }else if(!Tools.checkPwd(password, userAuth.getCredential())) { map.put("returnCode", "222222"); map.put("returnMsg","密碼錯誤"); }else{ map.put("returnCode", "000000"); map.put("returnMsg","通過驗證"); map.put("user", user); map.put("userAuth", userAuth); } return JSON.toJSONString(map); }
注意上述后台Controller代碼是與ajax進行交互的