UUID工具类
/**
 * Helper for producing compact random identifiers.
 */
public class UUIDUtils {
    /**
     * Generates a random UUID and strips the hyphen separators from its text form.
     *
     * @return the 32-character lowercase hexadecimal form of a newly generated random UUID
     */
    public static String getUUID() {
        final String dashed = UUID.randomUUID().toString();
        return dashed.replace("-", "");
    }
}
MD5加盐哈希工具类(MD5是哈希算法,并非加密)
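/**
 * Salted MD5 helper used to store and verify passwords.
 *
 * <p>Stored format: 48 characters made of 16 groups of three. In each group the first and third
 * characters are two consecutive hex digits of the MD5 digest of {@code password + salt}, and the
 * middle character is one character of the 16-character decimal salt.
 *
 * <p>NOTE(review): MD5 is a fast digest, not encryption, and one salted MD5 round is cheap to
 * brute-force offline if the stored values leak. The algorithm is kept here only so values that
 * are already stored keep verifying; new deployments should use a dedicated password hash
 * (bcrypt, scrypt, Argon2 or PBKDF2) and migrate on next login.
 */
public class MD5Util {
    /** Number of salt characters embedded in a stored value. */
    private static final int SALT_LENGTH = 16;
    /** Number of hex characters in an MD5 digest. */
    private static final int DIGEST_HEX_LENGTH = 32;
    /** Total length of a stored value: digest hex characters plus salt characters. */
    private static final int STORED_LENGTH = DIGEST_HEX_LENGTH + SALT_LENGTH;

    /**
     * Salt source. java.util.Random is seeded predictably, so salts are drawn from a
     * cryptographically strong generator instead (fully qualified to avoid a new import).
     */
    private static final java.security.SecureRandom SALT_RANDOM = new java.security.SecureRandom();

    /**
     * Converts a byte array into its lowercase hexadecimal string.
     *
     * @param arr the bytes to convert
     * @return two hex characters per input byte
     */
    private static String hex(byte[] arr) {
        StringBuilder sb = new StringBuilder(arr.length * 2);
        for (byte b : arr) {
            sb.append(Character.forDigit((b >> 4) & 0xF, 16));
            sb.append(Character.forDigit(b & 0xF, 16));
        }
        return sb.toString();
    }

    /**
     * Computes the MD5 digest of a string and returns it as hexadecimal text.
     *
     * @param str the text to digest
     * @return the 32-character hex digest
     * @throws IllegalStateException if the runtime has no MD5 implementation
     */
    private static String md5Hex(String str) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // Fixed charset: the platform default would make the same password hash differently
            // on differently configured machines. ASCII passwords hash exactly as before.
            byte[] digest = md.digest(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return hex(digest);
        } catch (java.security.NoSuchAlgorithmException e) {
            // Fail loudly: returning "" here would silently produce unusable stored values.
            throw new IllegalStateException("MD5 digest is not available", e);
        }
    }

    /**
     * Produces the stored form of a password: a salted MD5 digest with the salt interleaved.
     *
     * @param password the plain-text password
     * @return the 48-character stored value (see the class comment for the layout)
     * @throws IllegalArgumentException if {@code password} is null
     */
    public static String getSaltMD5(String password) {
        if (password == null) {
            // Without this check string concatenation would hash the literal text "null".
            throw new IllegalArgumentException("password must not be null");
        }
        // Sixteen independent decimal digits; same alphabet and length as before, so values
        // created earlier and values created now verify through the same code path.
        char[] saltChars = new char[SALT_LENGTH];
        for (int i = 0; i < SALT_LENGTH; i++) {
            saltChars[i] = (char) ('0' + SALT_RANDOM.nextInt(10));
        }
        String digest = md5Hex(password + new String(saltChars));

        // Interleave: digest char, salt char, digest char — sixteen times.
        char[] cs = new char[STORED_LENGTH];
        for (int group = 0; group < SALT_LENGTH; group++) {
            cs[group * 3] = digest.charAt(group * 2);
            cs[group * 3 + 1] = saltChars[group];
            cs[group * 3 + 2] = digest.charAt(group * 2 + 1);
        }
        return String.valueOf(cs);
    }

    /**
     * Checks a plain-text password against a stored value produced by {@link #getSaltMD5}.
     *
     * @param password the plain-text password to check
     * @param md5str the stored value (interleaved digest and salt)
     * @return {@code true} if the password matches; {@code false} if it does not, or if either
     *     argument is null or the stored value is too short to contain digest and salt
     */
    public static boolean getSaltverifyMD5(String password, String md5str) {
        // A missing or truncated stored value is a failed check, not an exception.
        if (password == null || md5str == null || md5str.length() < STORED_LENGTH) {
            return false;
        }
        char[] digestChars = new char[DIGEST_HEX_LENGTH];
        char[] saltChars = new char[SALT_LENGTH];
        for (int group = 0; group < SALT_LENGTH; group++) {
            digestChars[group * 2] = md5str.charAt(group * 3);
            saltChars[group] = md5str.charAt(group * 3 + 1);
            digestChars[group * 2 + 1] = md5str.charAt(group * 3 + 2);
        }
        String expected = String.valueOf(digestChars);
        String actual = md5Hex(password + new String(saltChars));
        // Constant-time comparison so the result does not depend on where the digests differ.
        return MessageDigest.isEqual(
                actual.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /** Small demo: hashes one password and checks a different one against it. */
    public static void main(String[] args) {
        // Original password
        String plaintext = "123456";
        // Salted MD5 stored value
        String ciphertext = MD5Util.getSaltMD5(plaintext);
        System.out.println("加盐后MD5:" + ciphertext);
        System.out.println("是否是同一字符串:" + MD5Util.getSaltverifyMD5("1231243", ciphertext));
    }
}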
自定义接口 自定义key
/**
 * Shared key names used by the cookie/Redis based login handling.
 */
public interface Constants {
    /** Name of the custom cookie that stands in for servlet-session management at login. */
    String CookieKey = "juserid";

    /** Key name used on the Redis side; it currently has the same value as the cookie name. */
    String RedisUserKey = "juserid";
}
controller层
// Container-injected Redis template declared with String keys and User values.
@Resource
private RedisTemplate<String, User> redisTemplate;
登录分支:通过cookie将用户信息存入Redis中,代替Session
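/**
 * Handles a login attempt. On success a random token is issued as a cookie and the matching
 * user record is stored in Redis under that token, replacing the servlet session.
 *
 * <p>NOTE(review): entries are added to one Redis hash and nothing visible here expires or
 * removes them, so an issued token stays valid indefinitely. Confirm that expiry and logout
 * are handled elsewhere, or move to per-token keys with a TTL.
 *
 * @param user the submitted credentials, bound from the request
 * @param request the current request
 * @param response the response that receives the login cookie
 * @return {@code true} if the credentials were accepted, {@code false} otherwise
 */
@RequestMapping("/login")
@ResponseBody
public boolean login(User user, HttpServletRequest request, HttpServletResponse response) {
    // Look up the stored record(s) for the submitted user.
    List<User> users = studentService.getUser(user);
    if (users == null || users.isEmpty()) {
        return false;
    }
    User userdb = users.get(0);
    // Compare the submitted password with the salted hash held in the database.
    if (!MD5Util.getSaltverifyMD5(user.getPwd(), userdb.getPwd())) {
        return false;
    }

    // Issue a fresh random token for this login.
    String uuid = UUIDUtils.getUUID();
    Cookie cookie = new Cookie(Constants.CookieKey, uuid);
    // The token is a bearer credential: keep it away from page scripts, and mark it
    // HTTPS-only whenever this request itself arrived over HTTPS.
    cookie.setHttpOnly(true);
    cookie.setSecure(request.isSecure());
    response.addCookie(cookie);

    // Store the database record, not the request-bound object: the latter carries the
    // plain-text password just submitted and any other fields the client chose to send.
    // NOTE(review): userdb still holds the password hash; consider storing a copy without it.
    BoundHashOperations<String, Object, Object> boundHashOps =
            redisTemplate.boundHashOps(Constants.RedisUserKey);
    boundHashOps.put(uuid, userdb);
    return true;
}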
拦截器中
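/**
 * Interceptor that lets a request through only when it carries a login cookie whose value
 * maps to a user entry in Redis; otherwise the client is redirected to the login page.
 *
 * <p>NOTE(review): the value read back from Redis is deserialized by whatever serializer the
 * RedisTemplate is configured with — confirm it is not default JDK serialization if the Redis
 * instance is reachable by anything other than this application.
 */
public class LoginInterceptor implements HandlerInterceptor {
    @Resource
    private RedisTemplate<String, User> redisTemplate;

    /**
     * Checks the login cookie against Redis before the handler runs.
     *
     * @param request the current request
     * @param response the current response, used for the redirect on failure
     * @param handler the handler chosen for this request (not inspected)
     * @return {@code true} to continue processing, {@code false} after redirecting to login
     * @throws Exception if the redirect or the Redis lookup fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Redis replaces the servlet session: the cookie value is the lookup token.
        String struuid = null;
        // getCookies() returns null, not an empty array, when the request has no cookies.
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equalsIgnoreCase(Constants.CookieKey)) {
                    struuid = cookie.getValue();
                }
            }
        }
        if (struuid == null || struuid.isEmpty()) {
            System.out.println("验证不通过");
            redirectToLogin(request, response);
            System.out.println("UUID不存在");
            return false;
        }

        // Look up the entry stored for this token at login time.
        BoundHashOperations<String, Object, Object> boundHashOps =
                redisTemplate.boundHashOps(Constants.RedisUserKey);
        Object cached = boundHashOps.get(struuid);
        // Anything that is not a User (including a missing entry) counts as not logged in.
        if (!(cached instanceof User)) {
            System.out.println("验证不通过");
            redirectToLogin(request, response);
            return false;
        }
        System.out.println("验证通过");
        return true;
    }

    /** Sends the client to the login page, honouring the application's context path. */
    private void redirectToLogin(HttpServletRequest request, HttpServletResponse response)
            throws java.io.IOException {
        // A leading "/" alone is resolved against the container root, not the application.
        response.sendRedirect(request.getContextPath() + "/toLogin.do");
    }
}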
拦截器的配置文件
/**
 * MVC configuration that registers the login interceptor and lists the paths it skips.
 */
@Configuration
public class LoginInterceptorConfig implements WebMvcConfigurer {

    /**
     * Declares the interceptor as a bean.
     *
     * @return a new {@link LoginInterceptor}
     */
    @Bean
    public LoginInterceptor createLoginInterceptor() {
        LoginInterceptor interceptor = new LoginInterceptor();
        return interceptor;
    }

    /**
     * Registers the login interceptor for every path except the ones listed below.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(createLoginInterceptor())
                // Intercept everything by default ...
                .addPathPatterns("/**")
                // ... except the login, registration and captcha endpoints and static assets.
                .excludePathPatterns(
                        "/toLogin.do",
                        "/login",
                        "/toReg.do",
                        "/regSave",
                        "/defaultKaptcha",
                        "/validateDefaultKaptcha",
                        "/js/**/*.js",
                        "/css/**/*.css");
    }
}