[英]how to encrypt password using spring hibernate in java
所以我的問題是這樣的,我有一個在每個導航頁面上都有一個注冊按鈕的jsp,我想使用spring和hibernate加密我的密碼,但不幸的是我不知道如何..即使使用spring和hibernate我也沒有' t 實際上得到它是如何工作的。 而且我還有一個加密類,我正在考慮在我的用戶類中對其進行加密,但我知道登錄時會導致問題......順便說一下,這是我的代碼
控制器中的代碼
@Controller
@RequestMapping("/ecomplain")
public class ComplainController
{
@Autowired
private UserService userService;
@Autowired
private ComplainService complainService;
@RequestMapping(value = "/Homepage")
public String showHomepage(Map<String, Object> map)
{
map.put("users", new Users());
return "/ecomplain/Homepage";
}
@RequestMapping(value = "/ComplaintForm")
public String showComplainForm(Map<String, Object> map)
{
map.put("users", new Users());
map.put("complains", new Complains());
return "/ecomplain/ComplaintForm";
}
@RequestMapping(value = "/CrimeForum")
public String showCrimeForum(Map<String, Object> map)
{
map.put("users", new Users());
map.put("complains", new Complains());
map.put("complainList", complainService.listComplains());
return "/ecomplain/CrimeForum";
}
@RequestMapping(value = "/About")
public String showAbout(Map<String, Object> map)
{
map.put("users", new Users());
return "/ecomplain/About";
}
@RequestMapping("/get/{userId}")
public String getUsers(@PathVariable Long userId, Map<String, Object> map)
{
Users users = userService.getUsers(userId);
map.put("users", users);
return "/ecomplain/CreateUserForm";
}
@RequestMapping("/getComplain/{complainId}")
public String getComplains(@PathVariable Long complainId, Map<String, Object> map)
{
Complains complains = complainService.getComplains(complainId);
map.put("complains", complains);
return "/ecomplain/ComplainDetails";
}
@RequestMapping(value = "/save", method = RequestMethod.POST)
public String saveUsers(@ModelAttribute("users") Users users, BindingResult result)
{
userService.saveUsers(users);
return "redirect:listBooks";
}
@RequestMapping(value = "/savecomplain", method = RequestMethod.POST)
public String saveComplains(@ModelAttribute("complains") Complains complains, BindingResult result)
{
complainService.saveComplains(complains);
return "redirect:ComplaintForm";
}
@RequestMapping("/delete/{userId}")
public String deleteUsers(@PathVariable("userId") Long userId)
{
userService.deleteUsers(userId);
return "redirect:/ecomplain/Homepage";
}
@RequestMapping("/delete/{complainId}")
public String deleteComplains(@PathVariable("complainId") Long complainId)
{
complainService.deleteComplains(complainId);
return "redirect:/ecomplain/Homepage";
}
}
用戶類
@Entity
@Table(name = "users")
public class Users
{
private Long userId;
private String email;
private String username;
private String password;
private String location;
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
public Long getUserId()
{
return userId;
}
@Column(nullable = false)
public String getEmail()
{
return email;
}
@Column(nullable = false, unique = true)
public String getUsername()
{
return username;
}
@Column(nullable = false)
public String getPassword()
{
return password;
}
@Column(nullable = false)
public String getLocation()
{
return location;
}
public void setUserId(Long userId)
{
this.userId = userId;
}
public void setEmail(String email)
{
this.email = email;
}
public void setUsername(String username)
{
this.username = username;
}
public void setPassword(String password)
{
this.password = password;
}
public void setLocation(String location)
{
this.location = location;
}
}
用戶道
public interface UsersDao
{
public void saveUsers(Users users);
public List<Users> listUsers();
public Users getUsers(Long userId);
public void deleteUsers(Long userId);
}
UsersDaoImpl
@Repository
public class UsersDaoImpl implements UsersDao
{
@Autowired
private SessionFactory sessionFactory;
public void saveUsers(Users users)
{
getSession().merge(users);
}
public List<Users> listUsers()
{
return getSession().createCriteria(Users.class).list();
}
public Users getUsers(Long userId)
{
return (Users) getSession().get(Users.class, userId);
}
public void deleteUsers(Long userId)
{
Users users = getUsers(userId);
if (null != users)
{
getSession().delete(users);
}
}
private Session getSession()
{
Session sess = getSessionFactory().getCurrentSession();
if (sess == null)
{
sess = getSessionFactory().openSession();
}
return sess;
}
private SessionFactory getSessionFactory()
{
return sessionFactory;
}
}
這是我想使用的加密類
public class Encryption
{
public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
public static final int SALT_BYTE_SIZE = 24;
public static final int HASH_BYTE_SIZE = 24;
public static final int PBKDF2_ITERATIONS = 1000;
public static final int ITERATION_INDEX = 0;
public static final int SALT_INDEX = 1;
public static final int PBKDF2_INDEX = 2;
public static String createHash(String password) throws NoSuchAlgorithmException, InvalidKeySpecException
{
return createHash(password.toCharArray());
}
public static String createHash(char[] password) throws NoSuchAlgorithmException, InvalidKeySpecException
{
SecureRandom random = new SecureRandom();
byte[] salt = new byte[SALT_BYTE_SIZE];
random.nextBytes(salt);
byte[] hash = pbkdf2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
return PBKDF2_ITERATIONS + ":" + toHex(salt) + ":" + toHex(hash);
}
public static boolean validatePassword(String password, String correctHash) throws NoSuchAlgorithmException, InvalidKeySpecException
{
return validatePassword(password.toCharArray(), correctHash);
}
public static boolean validatePassword(char[] password, String correctHash) throws NoSuchAlgorithmException, InvalidKeySpecException
{
String[] params = correctHash.split(":");
int iterations = Integer.parseInt(params[ITERATION_INDEX]);
byte[] salt = fromHex(params[SALT_INDEX]);
byte[] hash = fromHex(params[PBKDF2_INDEX]);
byte[] testHash = pbkdf2(password, salt, iterations, hash.length);
return slowEquals(hash, testHash);
}
private static boolean slowEquals(byte[] a, byte[] b)
{
int diff = a.length ^ b.length;
for(int i = 0; i < a.length && i < b.length; i++)
diff |= a[i] ^ b[i];
return diff == 0;
}
private static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bytes) throws NoSuchAlgorithmException, InvalidKeySpecException
{
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bytes * 8);
SecretKeyFactory skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
return skf.generateSecret(spec).getEncoded();
}
private static byte[] fromHex(String hex)
{
byte[] binary = new byte[hex.length() / 2];
for(int i = 0; i < binary.length; i++)
{
binary[i] = (byte)Integer.parseInt(hex.substring(2*i, 2*i+2), 16);
}
return binary;
}
private static String toHex(byte[] array)
{
BigInteger bi = new BigInteger(1, array);
String hex = bi.toString(16);
int paddingLength = (array.length * 2) - hex.length();
if(paddingLength > 0)
return String.format("%0" + paddingLength + "d", 0) + hex;
else
return hex;
}
public String saltedPass(String password)
{
String hash = "";
try
{
hash = createHash(password);
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (InvalidKeySpecException e)
{
e.printStackTrace();
}
return hash;
}
public boolean validation(String password, String hash)
{
try
{
if (validatePassword(password, hash))
{
System.out.println("CORRECT PASSWORD!");
return true;
}
}
catch (Exception ex)
{
System.out.println("ERROR: " + ex);
}
return false;
}
}
我希望有人能幫助我..即使是一個小想法也能幫助我
您可以使用MessageDigest 。
嘗試以下操作:
MessageDigest digest=MessageDigest.getInstance("MD5");
String test="test";
digest.update(test.getBytes());
byte hash[]=digest.digest();
這是一個例子: https ://gist.github.com/haochenx/28283eb950c8dc6bbaf7
核心線路是:
public static String encryptPassphrase(String passphrase) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] salt = new byte[18];
RNG.nextBytes(salt);
md.update(salt);
md.update(passphrase.getBytes(StandardCharsets.UTF_8));
byte[] passEnc = md.digest();
return String.format("%s$%s",
new String(Base64.encode(salt)),
new String(Base64.encode(passEnc)));
} catch (NoSuchAlgorithmException ex) {
throw new RuntimeException(ex); // this should never happen though
}
}
public static boolean verifyPassphrase(String passphrase, String encryptedPassphrase) {
String[] splited = encryptedPassphrase.split("\\$");
byte[] salt = Base64.decode(splited[0].getBytes());
byte[] passEncDb = Base64.decode(splited[1].getBytes());
try {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(salt);
md.update(passphrase.getBytes(StandardCharsets.UTF_8));
byte[] passEnc = md.digest();
return Arrays.equals(passEncDb, passEnc);
} catch (NoSuchAlgorithmException ex) {
throw new RuntimeException(ex); // this should never happen though
}
}
請注意@Darshan 的方法有幾個安全問題。 首先,不加鹽的哈希密碼會降低安全性。 其次,MD5 不再被認為是安全的,因此不建議在新應用程序中使用。 最后,實際上不是安全問題,但是當從 String 獲取 byte[] 時,您應該始終指定一個字符集,除非您確定只有 ASCII 字符(甚至不完全正確,但實際上是的),否則您會遇到問題您將應用程序部署到不同的服務器。
我只在main方法中加入了一個很基礎的測試,類僅供參考。 我也沒有做參數檢查,應該在生產中添加。
Spring Security 的推薦方法是使用 BCryptPasswordEncoder。 有關詳細信息,請參閱http://www.baeldung.com/spring-security-registration-password-encoding-bcrypt 。
基本上,您使用BCryptPasswordEncoder的實例來加密密碼,然后再將其存儲到數據庫中。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.