Springboot實(shí)現(xiàn)密碼的加密解密

更新時(shí)間：2017年11月15日 10:10:26 作者：卡索的意志

這篇文章主要為大家詳細(xì)介紹了Springboot實(shí)現(xiàn)密碼的加密解密，具有一定的參考價(jià)值，感興趣的小伙伴們可以參考一下

現(xiàn)今對于大多數(shù)公司來說，信息安全工作尤為重要，就像京東，阿里巴巴這樣的大公司來說，信息安全是最為重要的一個(gè)話題，舉個(gè)簡單的例子：

就像這樣的密碼公開化，很容易造成一定的信息的泄露。所以今天我們要講的就是如何來實(shí)現(xiàn)密碼的加密和解密來提高數(shù)據(jù)的安全性。

在這首先要引入springboot融合mybatis的知識，如果有這方面不懂得同學(xué)，就要首先看一看這方面的知識：

推薦大家一個(gè)比較好的博客：程序猿DD-翟永超 http://blog.didispace.com/springbootmybatis/

為了方便大家的學(xué)習(xí)，我直接將源代碼上傳：

1.pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>com.ninemax</groupId>
 <artifactId>spring-Login-test</artifactId>
 <version>0.0.1-SNAPSHOT</version>
 <packaging>war</packaging>
 
   <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.3.2.RELEASE</version>
    <relativePath/>
  </parent>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <java.version>1.8</java.version>
  </properties>

  <dependencies>
    
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
    </dependency>

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId>
      <scope>test</scope>
    </dependency>

    <dependency>
      <groupId>org.mybatis.spring.boot</groupId>
      <artifactId>mybatis-spring-boot-starter</artifactId>
      <version>1.1.1</version>
    </dependency>

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
      <groupId>commons-dbcp</groupId>
      <artifactId>commons-dbcp</artifactId>
    </dependency>

    <dependency>
      <groupId>com.oracle</groupId>
      <artifactId>ojdbc14</artifactId>
      <version>10.2.0.3.0</version>
    </dependency>
    
    
     <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    
    
  </dependencies>

  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <configuration>
          <skip>true</skip>
        </configuration>
      </plugin>
    </plugins>
  </build>
  
 
</project>

2. AppTest.java

package com;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class AppTest {
   public static void main(String[] args) {
     SpringApplication.run(AppTest.class, args);
   }
   
}

3.User.java

package com.entity;

public class User {

  private String username;
  private String password;
  
  public String getUsername() {
    return username;
  }
  public void setUsername(String username) {
    this.username = username;
  }
  public String getPassword() {
    return password;
  }
  public void setPassword(String password) {
    this.password = password;
  }
  @Override
  public String toString() {
    return "User [username=" + username + ", password=" + password + "]";
  }

}

4.UserController.java

package com.controller;

import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import com.dao.UserDao;
import com.entity.User;

@Controller
public class UserController {

   @Autowired
   private UserDao userDao;
   
   @RequestMapping("/regist")
   public String regist() {
     return "regist";
   }
   
   @RequestMapping("/login")
   public String login() {
     return "login";
   }
    
   @RequestMapping("/success")
   public String success(HttpServletRequest request) {
     String username = request.getParameter("username");
     String password = request.getParameter("password");
     
     userDao.save(username, password);
     return "success";
   }
   
   @RequestMapping("/Loginsuccess")
   public String successLogin(HttpServletRequest request) {
     String username = request.getParameter("username");
     String password = request.getParameter("password"); ///123456
     User user = userDao.findByUname(username);
       if(user.getPassword().equals(password)) {
         return "successLogin";
       }
       return "failure";
   }
}

5.UserDao.java

package com.dao;

import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

import com.entity.User;

@Mapper
public interface UserDao {
   @Insert("INSERT INTO LOGIN_NINE VALUES(#{username}, #{password})")
   void save(@Param("username")String username,@Param("password")String password);
   
   @Select("SELECT * FROM LOGIN_NINE WHERE username= #{username}")
   User findByUname(@Param("username")String username);
}

6.application.properties

spring.datasource.url=jdbc:oracle:thin:@10.236.4.251:1521:orcl
spring.datasource.username=hello
spring.datasource.password=lisa
spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver

7.還有一些靜態(tài)HTML

(1.)regist.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>注冊</title>

<style type="text/css">
  h1 {
   text-align:center;
   font-size:35px;
   color:red;
  }
  div {
   text-align:center;
  }
  div input {
   margin:10px;
  }
</style>
</head>
<body>
   <h1>注冊賬號</h1>
   <div>
   <form action="success" method="post"> 
                 用戶名<input type="text" name="username"/> <br/>
                 密碼<input type="password" name = "password"/> <br/>
      <input type="submit" value="提交"/> &nbsp;
      <input type="reset"/> 
              
   </form>
   </div>
</body>
</html>

(2.)login.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>登錄</title>

<style type="text/css">
  h1 {
   text-align:center;
   font-size:35px;
   color:red;
  }
  div {
   text-align:center;
  }
  div input {
   margin:10px;
  }
  
</style>
</head>
<body>
   <h1>歡迎登錄</h1>
   <div>
   <form action="Loginsuccess" method="post"> 
                 請輸入用戶名<input type="text" name="username"/> <br/>
                 請輸入密碼<input type="password" name = "password"/> <br/>
      <input type="submit" value="提交"/> &nbsp;
      <input type="reset"/>   <br/>
      <a href="/regist" rel="external nofollow" >注冊賬號</a>         
   </form>
   </div>
</body>
</html>

(3.)success.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>注冊成功</title>
<style type="text/css">
  h1 {
   text-align:center;
   font-size:60px;
   color:green;
  }
  span {
   font-size:30px;
   color:green;
  }
</style>
</head>
<body>
<h1>注冊成功</h1>
<a href="/login" rel="external nofollow" >返回登錄</a>
</body>
</html>

(4.)failure.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>登錄失敗</title>

</head>
<body>
     登錄失敗
</body>
</html>

(5.)successLogin.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>成功</title>
</head>
<body>
   success
</body>
</html>

代碼的格式如下：

完成了這一步的話首先運(yùn)行一下AppTest看是否出錯(cuò)，如果有錯(cuò)，自己找原因，這里就不和大家討論了，寫了這么多，才要要進(jìn)入正題了

本文采取的是EDS的加密解密方法，方法也很簡單，不用添加額外的jar包，只需要在UserController上做出簡單的修改就可以了：

*****UserController.java

package com.controller;

import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import com.dao.UserDao;
import com.entity.User;

@Controller
public class UserController {

   @Autowired
   private UserDao userDao;
   
   @RequestMapping("/regist")
   public String regist() {
     return "regist";
   }
   
   @RequestMapping("/login")
   public String login() {
     return "login";
   }
   
   /**
    * EDS的加密解密代碼
    */
   private static final byte[] DES_KEY = { 21, 1, -110, 82, -32, -85, -128, -65 };
    @SuppressWarnings("restriction")
    public static String encryptBasedDes(String data) {
      String encryptedData = null;
      try {
        // DES算法要求有一個(gè)可信任的隨機(jī)數(shù)源
        SecureRandom sr = new SecureRandom();
        DESKeySpec deskey = new DESKeySpec(DES_KEY);
        // 創(chuàng)建一個(gè)密匙工廠，然后用它把DESKeySpec轉(zhuǎn)換成一個(gè)SecretKey對象
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        SecretKey key = keyFactory.generateSecret(deskey);
        // 加密對象
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.ENCRYPT_MODE, key, sr);
        // 加密，并把字節(jié)數(shù)組編碼成字符串
        encryptedData = new sun.misc.BASE64Encoder().encode(cipher.doFinal(data.getBytes()));
      } catch (Exception e) {
        // log.error("加密錯(cuò)誤，錯(cuò)誤信息：", e);
        throw new RuntimeException("加密錯(cuò)誤，錯(cuò)誤信息：", e);
      }
      return encryptedData;
    }
    @SuppressWarnings("restriction")
    public static String decryptBasedDes(String cryptData) {
      String decryptedData = null;
      try {
        // DES算法要求有一個(gè)可信任的隨機(jī)數(shù)源
        SecureRandom sr = new SecureRandom();
        DESKeySpec deskey = new DESKeySpec(DES_KEY);
        // 創(chuàng)建一個(gè)密匙工廠，然后用它把DESKeySpec轉(zhuǎn)換成一個(gè)SecretKey對象
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        SecretKey key = keyFactory.generateSecret(deskey);
        // 解密對象
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.DECRYPT_MODE, key, sr);
        // 把字符串進(jìn)行解碼，解碼為為字節(jié)數(shù)組，并解密
        decryptedData = new String(cipher.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(cryptData)));
      } catch (Exception e) {
        throw new RuntimeException("解密錯(cuò)誤，錯(cuò)誤信息：", e);
      }
      return decryptedData;
    }
    
   @RequestMapping("/success")
   public String success(HttpServletRequest request) {
     String username = request.getParameter("username");
     String password = request.getParameter("password");
     String s1 = encryptBasedDes(password);
     userDao.save(username, s1);
     return "success";
   }
   
   @RequestMapping("/Loginsuccess")
   public String successLogin(HttpServletRequest request) {
     String username = request.getParameter("username");
     String password = request.getParameter("password"); ///123456
     User user = userDao.findByUname(username);
       if(decryptBasedDes(user.getPassword()).equals(password)) {
         return "successLogin";
       }
       return "failure";
   }
}

此時(shí)，直接運(yùn)行Apptest.java,然后在瀏覽器輸入地址：localhost:8080/regist 注冊新的賬號(我輸入的是用戶名：小明密碼：123456)，如圖