学习基于ssm框架前后端分离实现注册登录MD5加密的心得体会
1.什么是MD5加密
MD5概述:
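MD5消息摘要算法,属于Hash(散列)算法一类。MD5算法对任意长度的输入消息进行运算,产生一个128位(bit)的消息摘要,通常表示为32个十六进制字符。需要注意:MD5是单向散列,并不是可逆的"加密",无法由摘要"解密"出原文;而且它计算速度极快、抗碰撞性早已被攻破,即使在密码后拼接一个固定的密钥字符串,也不适合用来存储密码。生产环境应使用带每用户随机盐的慢哈希算法,如bcrypt、scrypt、Argon2或PBKDF2。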
在这里我就不细究算法本身了,学会运用这个工具类就行;算法的详细讲解可参考相关资料。
2.所需依赖
<!-- commons-codec supplies org.apache.commons.codec.digest.DigestUtils, which Md5Util calls.
     No <version> is declared here, so it has to come from a parent POM or a
     dependencyManagement section that this page does not show. -->
<dependency>
    <groupId>commons-codec</groupId>
    <artifactId>commons-codec</artifactId>
</dependency>
<!-- NOTE(review): none of the listings on this page import org.apache.commons.lang3;
     confirm this dependency is needed before keeping it, and keep pinned versions patched. -->
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-lang3</artifactId>
    <version>3.6</version>
</dependency>
3.工具类MD5Util
创建一个utils包
创建Md5Util类
package com.wjk.utils;
import org.apache.commons.codec.digest.DigestUtils;
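/**
 * Password-digest helper used by the registration and login endpoints.
 *
 * <p>SECURITY NOTE(review): MD5 is a fast general-purpose digest, not a password hashing
 * function. Appending one application-wide key does not replace a per-user random salt:
 * identical passwords still produce identical digests, and a leaked table can be
 * brute-forced quickly. The algorithm is kept here only so that digests already stored
 * remain verifiable; new deployments should store passwords with bcrypt, scrypt, Argon2
 * or PBKDF2 and re-hash existing rows on the next successful login.
 */
public class Md5Util {

    // Application-wide key appended to every password before hashing. MD5 is one-way, so
    // this class only digests and compares; nothing here can "decrypt" a stored value.
    // NOTE(review): a key hard-coded in source ends up in version control and in every
    // build artifact; load it from external configuration instead.
    public final static String md5Key = "lalalalall";

    /**
     * Digests a password for storage at registration time.
     *
     * @param strPwd plaintext password
     * @param Key    key string appended to the password before hashing
     * @return lowercase hexadecimal MD5 digest of {@code strPwd + Key}
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws Exception declared for compatibility with existing callers
     */
    public static String md5(String strPwd, String Key) throws Exception {
        if (strPwd == null || Key == null) {
            // String concatenation would turn null into the literal text "null", so a
            // missing password would be stored as if the user had typed "null".
            throw new IllegalArgumentException("password and key must not be null");
        }
        return DigestUtils.md5Hex(strPwd + Key);
    }

    /**
     * Verifies a login attempt: digests the submitted password inside this method (the
     * caller passes the plaintext, not a digest) and compares it with the stored digest.
     *
     * @param pwdStr plaintext password submitted at login
     * @param md5    digest stored for the account
     * @param key    key string that was appended when the stored digest was created
     * @return {@code true} only if the digests match, ignoring hex letter case;
     *         {@code false} if any argument is {@code null}
     * @throws Exception declared for compatibility with existing callers
     */
    public static boolean passwordVerify(String pwdStr, String md5, String key) throws Exception {
        if (pwdStr == null || md5 == null || key == null) {
            return false;
        }
        String md5Pwd = md5(pwdStr, key);
        // The digest is deliberately not printed: credential material does not belong in
        // stdout or log files.
        byte[] expected = md5.toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] actual = md5Pwd.toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // MessageDigest.isEqual compares in constant time, so response timing does not
        // reveal how many leading characters of the digest matched.
        return java.security.MessageDigest.isEqual(expected, actual);
    }
}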
4.mapper类
package com.wjk.mapper;
import com.wjk.entity.Account;
import org.apache.ibatis.annotations.*;
import org.springframework.stereotype.Component;
import java.util.List;
/**
 * MyBatis mapper for the {@code account} table.
 *
 * <p>Every value that reaches SQL here is passed through a {@code #{...}} placeholder, so it
 * is bound as a statement parameter instead of being concatenated into the query text.
 */
@Component
public interface AccountMapper {
    /**
     * Loads every row of {@code account}.
     *
     * <p>NOTE(review): {@code select *} also loads the {@code password} column into each
     * {@link Account}; callers should not serialise these objects to clients as they are.
     */
    @Select("select * from account")
    @Results({
    @Result(property = "accountId",column = "account_id"),
    @Result(property = "accountName",column = "account_name"),
    @Result(property = "passWord",column = "password"),
    @Result(property = "createTime",column = "create_time"),
    @Result(property = "updateTime",column = "update_time")
    })
    List<Account> selectAccount();
    // Register a new account. The passWord property is written as given, so the caller
    // must already have replaced the plaintext with its digest.
    @Insert("insert into account(account_name,password,create_time,update_time) values (#{accountName},#{passWord},#{createTime},#{updateTime}) ")
    int insertAccount(Account account);
    // Look up one account by accountName; used for login verification.
    // NOTE(review): assumes account_name is unique. The schema is not shown on this page,
    // so confirm a unique index exists; registration only does a check-then-insert.
    @Select("select * from account where account_name = #{accountName}")
    @Results({
    @Result(property = "accountId",column = "account_id"),
    @Result(property = "accountName",column = "account_name"),
    @Result(property = "passWord",column = "password"),
    @Result(property = "createTime",column = "create_time"),
    @Result(property = "updateTime",column = "update_time")
    })
    Account selectAccountByName(String accountName);
}
5.service类
package com.wjk.service;
import com.wjk.entity.Account;
import java.util.List;
/**
 * Account operations used by the login and registration endpoints.
 */
public interface AccountService {
    /** Returns the accounts loaded from the {@code account} table. */
    List<Account> findAccount();
    // Register a new account; returns the int reported by the mapper's insert.
    int addAcount(Account account);
    // Look up an account by accountName; used for login verification.
    Account findAccountByName(String accountName);
}
serviceImpl
package com.wjk.service.Impl;
import com.wjk.entity.Account;
import com.wjk.mapper.AccountMapper;
import com.wjk.service.AccountService;
import com.wjk.utils.Md5Util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
/**
 * {@link AccountService} implementation in which every method forwards straight to
 * {@link AccountMapper}; no hashing or validation happens at this layer.
 */
@Service
public class AccountServiceImpl implements AccountService {

    @Autowired
    private AccountMapper accountMapper;

    /** Returns every account the mapper loads. */
    @Override
    public List<Account> findAccount() {
        final List<Account> accounts = this.accountMapper.selectAccount();
        return accounts;
    }

    /** Looks up one account by its accountName; used for login verification. */
    @Override
    public Account findAccountByName(String accountName) {
        final Account found = this.accountMapper.selectAccountByName(accountName);
        return found;
    }

    /** Registers a new account and returns the int reported by the mapper's insert. */
    @Override
    public int addAcount(Account account) {
        final int inserted = this.accountMapper.insertAccount(account);
        return inserted;
    }
}
6.controller
package com.wjk.controller;
import com.wjk.config.result.R;
import com.wjk.entity.Account;
import com.wjk.service.AccountService;
import com.wjk.service.Impl.AccountServiceImpl;
import com.wjk.utils.JwtTokenUtil;
import com.wjk.utils.Md5Util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
import java.util.Map;
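/**
 * REST endpoints for account login and registration under {@code /account}.
 *
 * <p>Passwords, stored digests and issued tokens are never printed: anything written to
 * stdout usually ends up in log files that far more people can read than the database.
 */
@RestController
@RequestMapping("/account")
public class AccountController {

    @Autowired
    private AccountServiceImpl accountServiceImpl;

    /**
     * Logs a user in. The account is looked up by the submitted name first; only if it
     * exists is the submitted password digested and compared with the stored digest.
     *
     * <p>Every failure path returns the same message, so the response does not reveal
     * whether the account name exists.
     *
     * @param request  body carrying accountName and passWord
     * @param response receives the Authorization header and the TOKEN cookie on success
     * @return success result carrying the token, or a generic failure result
     * @throws Exception propagated from password verification or token creation
     */
    @PostMapping("/login")
    public R login(@RequestBody Account request, HttpServletResponse response) throws Exception {
        String accountName = request.getAccountName();
        String ps = request.getPassWord();
        if (accountName == null || ps == null) {
            // A missing field must not reach the hashing code, where null would be
            // concatenated as the literal text "null".
            return R.Failed("登录失败!");
        }

        Account account = accountServiceImpl.findAccountByName(accountName);
        if (account == null) {
            return R.Failed("登录失败!");
        }

        // passwordVerify digests the plaintext itself; do not hash it again here.
        if (!Md5Util.passwordVerify(ps, account.getPassWord(), Md5Util.md5Key)) {
            return R.Failed("登录失败!");
        }

        String token = JwtTokenUtil.buildJwt(account.getAccountName(), account.getAccountId());
        if (token == null) {
            // Checked before anything is written, so the client never receives a
            // "Bearer null" header or a success result without a usable token.
            return R.Failed("登录失败!");
        }

        // The scheme and the credential are separated by a space.
        response.addHeader("Authorization", "Bearer " + token);
        response.setContentType("application/json;charset=utf-8");

        Cookie cookie = new Cookie("TOKEN", token);
        // Cookie lifetime in seconds.
        cookie.setMaxAge(3600);
        cookie.setPath("/");
        // Keep the token out of reach of page scripts; the front end can still take it
        // from the response body or the Authorization header.
        cookie.setHttpOnly(true);
        // NOTE(review): also call cookie.setSecure(true) once the service is only reached
        // over HTTPS, so the token is never sent over a plaintext connection.
        response.addCookie(cookie);

        return R.Success("token的值:" + token);
    }

    /**
     * Registers a new account if the name is not taken: the password is digested and the
     * account stored with the current time as both create and update time.
     *
     * <p>NOTE(review): GET is kept only so existing clients keep working. A password sent
     * as a query parameter is recorded in access logs, proxy logs and browser history;
     * clients should switch to POST and the GET mapping should then be removed.
     *
     * <p>NOTE(review): the lookup followed by the insert is not atomic; a unique index on
     * the account name column is needed to stop two concurrent requests from registering
     * the same name.
     *
     * @param accountName requested account name
     * @param passWord    plaintext password
     * @return success result, or a failure result if the input is missing, the name is
     *         taken, or the insert fails
     */
    @RequestMapping(value = "/registe", method = {RequestMethod.GET, RequestMethod.POST})
    public R registe(String accountName, String passWord) {
        if (accountName == null || accountName.isEmpty() || passWord == null || passWord.isEmpty()) {
            // Without this check a missing passWord parameter would be hashed as the
            // literal text "null" and stored as a valid credential.
            return R.Failed("注册失败");
        }

        // Refuse the registration if the name already exists.
        Account account = accountServiceImpl.findAccountByName(accountName);
        if (account != null) {
            return R.Failed("失败");
        }

        try {
            // Digest the password exactly once, here, before it is stored.
            String inputPassword = Md5Util.md5(passWord, Md5Util.md5Key);
            Account account1 = new Account();
            Date currenTime = new Date();
            account1.setAccountName(accountName);
            account1.setPassWord(inputPassword);
            account1.setCreateTime(currenTime);
            account1.setUpdateTime(currenTime);
            int result = accountServiceImpl.addAcount(account1);
            if (result != 1) {
                // No row was written, so do not report success.
                return R.Failed("注册失败");
            }
            return R.Success("注册成功");
        } catch (Exception e) {
            e.printStackTrace();
            return R.Failed("注册失败");
        }
    }
}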
7.利用postman工具测试结果
8.心得体会
在注册时,用户输入用户名和密码后,后台先用输入的用户名去数据库查询是否已存在相同的用户名;如果不存在,则将密码加密后存入数据库。登录时,用户输入用户名和密码,后台同样先用输入的用户名去数据库查询用户信息;如果该用户存在,则将用户输入的密码加密后,与注册时保存的加密密码进行对比,若相同则登录成功。在这个看似简单的流程中,我却犯了一个错,那就是逻辑不清晰:一会儿在service里做加密处理,一会儿又在controller里做,导致中间某个环节把密码加密了多次,登录时加密出的密码就与注册时保存的密码不匹配,这个问题困扰了我很久很久。所以一定要逻辑清晰,建议还是统一在service里进行逻辑处理。最后祝大家打代码不报错,并感谢各位大佬能提出宝贵意见。