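注册时从页面获得密码,对密码进行加密(严格来说是单向散列,无法解密)之后形成字符串并存入数据库;登录时,将页面输入的密码经过同样的处理,把得到的字符串与数据库中查询出来的字符串进行比对,如果一致则允许登录。需要注意:MD5 和 SHA-1 都是不加盐、计算速度很快的散列算法,两者叠加使用也不能有效抵御离线暴力破解;实际项目中存储密码应使用加盐的慢速算法(如 bcrypt、scrypt、Argon2 或 PBKDF2)。具体方法如下。
实现所用的工具类如下: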
(一)
package cn.bdqn.util;
import java.security.MessageDigest;
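/**
 * MD5 digest helper.
 *
 * <p>Security note: MD5 is a fast, unsalted hash with known collision weaknesses. It is
 * acceptable for non-security checksums only. For password storage use a salted, adaptive
 * algorithm (bcrypt, scrypt, Argon2 or PBKDF2) instead of this class.
 *
 * @author wjx
 * @datetime 2017-1-8
 */
public class MD5Util {

    /**
     * Hashes the UTF-8 bytes of the input with MD5 and renders the digest as 32 lowercase
     * hexadecimal characters.
     *
     * @param inStr the text to hash; must not be {@code null}
     * @return the 32-character lowercase hex MD5 digest
     * @throws Exception {@link java.security.NoSuchAlgorithmException} when the runtime has no
     *     MD5 provider, or {@link NullPointerException} when {@code inStr} is {@code null}
     */
    public static String md5Encode(String inStr) throws Exception {
        if (inStr == null) {
            throw new NullPointerException("inStr");
        }
        // Fail closed: if the algorithm is unavailable the exception propagates. Returning an
        // empty string here would give every input the same "digest", which is dangerous when
        // the result is compared against stored credentials.
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] md5Bytes = md5.digest(inStr.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        // Two hex digits per byte; the high nibble is always written, so no manual zero padding.
        StringBuilder hexValue = new StringBuilder(md5Bytes.length * 2);
        for (byte b : md5Bytes) {
            int val = b & 0xff;
            hexValue.append(Character.forDigit(val >>> 4, 16));
            hexValue.append(Character.forDigit(val & 0x0f, 16));
        }
        return hexValue.toString();
    }

    /**
     * Demo entry point: prints a sample string and its MD5 digest.
     *
     * @param args unused
     * @throws Exception if hashing fails
     */
    public static void main(String args[]) throws Exception {
        String str = "123";
        System.out.println("原始:" + str);
        System.out.println("MD5后:" + md5Encode(str));
    }
}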
(二)工具类 二次加密
package cn.bdqn.util;
import java.security.MessageDigest;
/**
* 采用SHAA加密
* @author wjx
* @datetime 2017-1-8
*/
public class SHAUtil {
/***
* SHA加密 生成40位SHA码
* @param 待加密字符串
* @return 返回40位SHA码
*/
public static String shaEncode(String inStr) throws Exception {
MessageDigest sha = null;
try {
sha = MessageDigest.getInstance("SHA");
} catch (Exception e) {
System.out.println(e.toString());
e.printStackTrace();
return "";
}
byte[] byteArray = inStr.getBytes("UTF-8");
byte[] shaBytes = sha.digest(byteArray);
StringBuffer hexValue = new StringBuffer();
for (int i = 0; i < shaBytes.length; i++) {
int val = ((int) shaBytes[i]) & 0xff;
if (val < 16) {
hexValue.append("0");
}
hexValue.append(Integer.toHexString(val));
}
return hexValue.toString();
}
/**
* 测试主函数
* @param args
* @throws Exception
*/
public static void main(String args[]) throws Exception {
String str = new String("amigoxiexiexingxing");
System.out.println("原始:" + str);
System.out.println("SHA后:" + shaEncode(str));
}
}
实现类
package cn.bdqn.controller;
import javax.annotation.Resource;
import javax.jws.WebParam.Mode;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import com.ndktools.javamd5.Mademd5;
import com.sun.tracing.dtrace.Attributes;
import cn.bdqn.biz.BackendManageBiz;
import cn.bdqn.biz.UserBiz;
import cn.bdqn.pojo.Dictionary;
import cn.bdqn.pojo.User;
import cn.bdqn.util.MD5Util;
import cn.bdqn.util.SHAUtil;
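@Controller
public class UserController {
    private Logger logger = Logger.getLogger(UserController.class);

    @Resource
    private UserBiz userBiz;

    @Resource
    private BackendManageBiz backendManageBiz;

    /**
     * Shows the login page.
     *
     * @param user form-backing object exposed to the view as "user"
     * @return the "index" view name
     */
    @RequestMapping("/index.html")
    public String index(@ModelAttribute("user") User user) {
        return "index";
    }

    /**
     * Handles the login form.
     *
     * <p>The submitted password is hashed with MD5 and then with SHA, and the result is compared
     * (ignoring case) with the value stored for the user. On success the stored user is placed
     * in the session under "user2" and the "main" view is returned; otherwise the "index" view
     * is returned with an error message in the model.
     *
     * <p>NOTE(review): MD5 followed by SHA is an unsalted, fast hash chain; stored passwords
     * should be migrated to a salted adaptive algorithm (bcrypt, scrypt, Argon2 or PBKDF2).
     *
     * <p>NOTE(review): the two distinct error messages reveal whether a user code exists.
     * Consider a single generic message; they are kept here because the view reads both keys.
     *
     * @param user    bound login form (user code and password)
     * @param model   model that receives the error message on failure
     * @param session session that receives the authenticated user on success
     * @return "main" on success, "index" on failure
     */
    @RequestMapping(value = "/main.html", method = RequestMethod.POST)
    public String main(User user, Model model, HttpSession session) {
        // user2 is the record loaded from the database for the submitted user code.
        User user2 = userBiz.findByUserCode(user);
        if (user2 == null) {
            model.addAttribute("userNameMess", "* 用户名不存在");
            return "index";
        }

        String pwd2 = null;
        try {
            // First MD5, then SHA over the MD5 hex string.
            String pwd1 = MD5Util.md5Encode(user.getPassword());
            pwd2 = SHAUtil.shaEncode(pwd1);
        } catch (Exception e) {
            // Covers a missing password as well; pwd2 stays null and the login is rejected below.
            logger.error("Password hashing failed during login", e);
        }

        boolean sameUser = user2.getUserCode() != null
                && user2.getUserCode().equals(user.getUserCode());
        if (!sameUser || !digestMatches(pwd2, user2.getPassword())) {
            model.addAttribute("passwordMess", "* 密码不正确");
            return "index";
        }

        // Members carry an additional member type that is looked up separately.
        if ("会员".equals(user2.getRoleName())) {
            User user3 = userBiz.findUserByMemberType(user2);
            if (user3 != null) {
                user2.setMemberName(user3.getMemberName());
            }
        }

        // NOTE(review): the session id is not rotated at login here. Unless the surrounding
        // configuration already does so, change the session id on successful authentication to
        // prevent session fixation. The stored object also still carries the password digest;
        // consider keeping only the fields the views need.
        session.setAttribute("user2", user2);
        return "main";
    }

    /**
     * Compares a freshly computed digest with the stored one, ignoring case.
     *
     * <p>A null or empty computed digest means hashing failed and never matches. The comparison
     * uses {@code MessageDigest.isEqual} so that its duration does not depend on how many
     * leading characters agree.
     */
    private static boolean digestMatches(String computed, String stored) {
        if (computed == null || computed.isEmpty() || stored == null) {
            return false;
        }
        byte[] left = computed.toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] right = stored.toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return java.security.MessageDigest.isEqual(left, right);
    }

    /**
     * Logs the user out by invalidating the session and returns to the login page.
     *
     * @param session the current session
     * @return the "index" view name
     */
    @RequestMapping(value = "/logout.html", method = RequestMethod.GET)
    public String logout(HttpSession session) {
        if (session != null) {
            session.invalidate();
        }
        return "index";
    }

    /**
     * Looks up a user by user code and returns it as the response body.
     *
     * <p>NOTE(review): this serializes the whole {@code User} object, which also exposes a
     * password property (see {@code getPassword()} used at login), and no authentication check
     * is visible on this handler. Return a view object without the password digest and
     * restrict who may call this endpoint.
     *
     * @param user bound request object carrying the user code
     * @return the matching user as returned by {@code userBiz.findByUserCode}
     */
    @RequestMapping(value = "/getUserByUserCode", method = RequestMethod.GET, params = "json")
    @ResponseBody
    public User getUserByUserCode(User user) {
        return userBiz.findByUserCode(user);
    }
}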