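The password is encrypted at login and then decrypted on the back end.
On entering the page, an AJAX request first fetches a random number key, and the password is then encrypted with that random number.
However, I feel this encryption method isn't really of much use... it only adds a bit of difficulty.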
<%--
Created by IntelliJ IDEA.
User: Ming
Date:
Time: 10:54
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
    String path = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
<html>
<head>
    <base href="<%=basePath%>">
    <title>密码加密</title>
    <script type="text/javascript" src="static/jquery/jquery.min.js"></script>
    <script type="text/javascript" src="static/CryptoJS v3.1.2/rollups/aes.js"></script>
    <script type="text/javascript" src="static/CryptoJS v3.1.2/components/mode-ecb-min.js"></script>
    <link rel="stylesheet" href="static/css/login.css">
</head>
<body>
<section class="container">
    <div class="login">
        <form id="loginForm" method="post" action="index.html">
            <p><input type="text" name="username" placeholder="用户名"></p>
            <p><input type="password" name="password" placeholder="密码"></p>
            <p class="submit"><input type="submit" value="登录"></p>
        </form>
    </div>
</section>
<script type="text/javascript">
    var key = null;
    $.get("sys/user/random", {}, function(result) {
        // result.data is the random number the back end returns when this page requests it
        key = CryptoJS.enc.Utf8.parse(result.data);
    }, "json");
    $(function(){
        $("#loginForm").on("submit", function(event){
            // Stop the browser's default form submission, which would post the plaintext password to index.html
            event.preventDefault();
            // The key request has not completed yet, so nothing can be encrypted
            if (key === null) {
                return;
            }
            // Get the username and password
            var username = $("input[name=username]").val();
            var password = $("input[name=password]").val();
            // Send the AJAX request to the server
            $.post("sys/user/login",
                {
                    "user.username" : username,
                    // Call Encrypt(word) to encrypt the password
                    "user.password" : Encrypt(password)
                },
                function(data){
                    if(data.success){
                        alert(true);
                    }else{
                        alert(false);
                    }
                },"json"
            );
        });
    });
    function Encrypt(word){
        var src = CryptoJS.enc.Utf8.parse(word);
        var encrypted = CryptoJS.AES.encrypt(src, key, {mode:CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});
        return encrypted.toString();
    }
</script>
</body>
</html>
This is the back-end code:
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
/**
 * @author Ming
 * @date 2018/3/24 10:55
 */
public class TestEncryption {
    // The random number. Its length has to be controlled: for example, if the random
    // number is MD5-hashed, running the code throws an error because it is too long.
    // Placeholder 16-character value (a 128-bit AES key); substitute the random number issued to the page.
    private static final String KEY = "0123456789abcdef";
    private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";

    public static String base64Encode(byte[] bytes) {
        return Base64.encodeBase64String(bytes);
    }

    // Uses commons-codec instead of the JDK-internal sun.misc.BASE64Decoder
    public static byte[] base64Decode(String base64Code) throws Exception {
        return Base64.decodeBase64(base64Code);
    }

    // Encrypt content with the given key; the key bytes are used directly as the AES key
    public static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception {
        Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(StandardCharsets.UTF_8), "AES"));
        return cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
    }

    public static String aesEncrypt(String content, String encryptKey) throws Exception {
        return base64Encode(aesEncryptToBytes(content, encryptKey));
    }

    // Decrypt raw ciphertext bytes with the given key and return the UTF-8 plaintext
    public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {
        Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(StandardCharsets.UTF_8), "AES"));
        byte[] decryptBytes = cipher.doFinal(encryptBytes);
        return new String(decryptBytes, StandardCharsets.UTF_8);
    }

    public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {
        return aesDecryptByBytes(base64Decode(encryptStr), decryptKey);
    }

    public static void main(String[] args) throws Exception {
        String content = "Test encryption";
        String encrypt = aesEncrypt(content, KEY);
        System.out.println("加密后:" + encrypt);
        String decrypt = aesDecrypt(encrypt, KEY);
        System.out.println("解密后:" + decrypt);
    }
}
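When combined with the front end, it is used like this:
public static void main(String[] args) throws Exception {
    String encrypt = user.password; // this is the encrypted password sent by the front end
    // Decrypt, using the encrypted password and the key generated above
    System.out.println("解密后:" + aesDecrypt(encrypt, KEY));
}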
Link: https://pan.baidu.com/s/19n7uk9i8fvdrXCeN4iG9xA Password: 1ebz
Its contents:
<script type="text/javascript" src="static/CryptoJS v3.1.2/rollups/aes.js"></script>
<script type="text/javascript" src="static/CryptoJS v3.1.2/components/mode-ecb-min.js"></script>
import org.apache.commons.codec.binary.Base64;
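I have tested the code above and it works; download the JS files and add the JAR, and the front end and back end can then interact.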
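The exchange described above, as an added example that is not part of the original post: it reproduces the page's AES/ECB/PKCS7 step with Node's built-in crypto module and shows what the two requests expose, which is why the scheme does not replace an encrypted transport. The key, username and password are constructed sample values, and the function names are assumptions of this example.

```javascript
// Added example (not the original post's code): the page's AES/ECB/PKCS7 scheme
// reproduced with Node's built-in crypto module. Key and password are constructed.
const crypto = require('node:crypto');

// AES accepts only 16-, 24- or 32-byte keys; pick the cipher name from the length.
function cipherName(keyBytes) {
  const bits = { 16: 128, 24: 192, 32: 256 }[keyBytes.length];
  if (!bits) throw new RangeError(`invalid AES key length: ${keyBytes.length} bytes`);
  return `aes-${bits}-ecb`;
}

// Same operation as the page's Encrypt(word): UTF-8 key, ECB, PKCS7, Base64 output.
function encryptPassword(password, key) {
  const keyBytes = Buffer.from(key, 'utf8');
  const cipher = crypto.createCipheriv(cipherName(keyBytes), keyBytes, null);
  return Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]).toString('base64');
}

// Same operation as the back end's aesDecrypt(encryptStr, decryptKey).
function decryptPassword(b64, key) {
  const keyBytes = Buffer.from(key, 'utf8');
  const decipher = crypto.createDecipheriv(cipherName(keyBytes), keyBytes, null);
  return Buffer.concat([decipher.update(b64, 'base64'), decipher.final()]).toString('utf8');
}

// What the two requests put on the wire (constructed values).
function simulateLogin() {
  const randomResponse = { data: '0123456789abcdef' };   // reply to GET sys/user/random
  const loginBody = { 'user.username': 'alice',
                      'user.password': encryptPassword('S3cret!pw', randomResponse.data) };
  return {
    // The key travelled in the first response, so both messages together reveal the password.
    recovered: decryptPassword(loginBody['user.password'], randomResponse.data),
    // ECB has no IV: the same password under the same key always yields the same field,
    // so the field is password-equivalent and the transport itself still needs protecting.
    deterministic: loginBody['user.password'] === encryptPassword('S3cret!pw', randomResponse.data),
  };
}

console.log(simulateLogin());
```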