第一步、编写TokenProccessor算法类
/**
* 初始化参数
*/
public static final String KEY_ALGORITHM = "DES";
/**
* 加密key,长度为8位
*/
public static final String KEY = "***";
public static final String PREFIX = "***";
/**
* 加密算法
* @param token
* @return
* @throws Exception
*/
public static String encrypt(String token, String key)
throws Exception {
byte[] keyBytes = key.getBytes();
IvParameterSpec iv = new IvParameterSpec(keyBytes);
DESKeySpec desKey = new DESKeySpec(keyBytes);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KEY_ALGORITHM);
SecretKey securekey = keyFactory.generateSecret(desKey);
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, securekey, iv);
byte[] enBytes = cipher.doFinal(token.getBytes("UTF-8"));
return byte2Hex(enBytes);
}
/**
* 加密初始化值
* @param userId
* @return
* @throws Exception
*/
public static String makeToken(Long userId, long timeStamp)
throws Exception {
String token = PREFIX + "-" + userId + "-" + timeStamp;
return encrypt(token, KEY);
}
/**
* 解密算法
* @param token
* @param key
* @return
* @throws Exception
*/
public static String decrypt(String token, String key)
throws Exception {
byte[] keyBytes = key.getBytes();
DESKeySpec desKey = new DESKeySpec(keyBytes);
IvParameterSpec iv = new IvParameterSpec(keyBytes);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KEY_ALGORITHM);
SecretKey securekey = keyFactory.generateSecret(desKey);
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, securekey, iv);
byte[] deBytes = cipher.doFinal(hex2Byte(token));
String[] spliter = new String(deBytes, "UTF-8").split("-");
if(spliter.length != 3 || !spliter[0].equals(PREFIX)){
return null;
}
return spliter[1];
}
/**
* 解密初始化值
* @param token
* @return
* @throws Exception
*/
public static String analysis(String token)
throws Exception {
return decrypt(token, KEY);
}
/**
* 将二进制转换成16进制
* @param buf
* @return
*/
public static String byte2Hex(byte buf[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < buf.length; i++) {
String hex = Integer.toHexString(buf[i] & 0xFF);
if (hex.length() == 1) {
hex = '0' + hex;
}
sb.append(hex.toUpperCase());
}
return sb.toString();
}
/**
* 将16进制转换为二进制
* @param hexStr
* @return
*/
public static byte[] hex2Byte(String hexStr) {
if (hexStr.length() < 1) return null;
byte[] result = new byte[hexStr.length() / 2];
for (int i = 0; i < hexStr.length() / 2; i++) {
int high = Integer.parseInt(hexStr.substring(i * 2, i * 2 + 1), 16);
int low = Integer.parseInt(hexStr.substring(i * 2 + 1, i * 2 + 2), 16);
result[i] = (byte) (high * 16 + low);
}
return result;
}
/**
* 测试用例
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception{
String plain = "13";
String key = "12345678";
String enText = TokenProccessor.encrypt(plain, key);
String deText = TokenProccessor.decrypt(enText, key);
}
第二步、在项目中引用算法类TokenProccessor进行加密
Date now = new Date();
token = TokenProccessor.makeToken(appMember.getId(),now.getTime());
第三步、在项目中进行解密
String token = request.getHeader(TOKEN);
if(StringUtils.isEmpty(token)){
showErrorResult(response, 401, "您没有访问权限");
return false;
}
String userId = TokenProccessor.analysis(token);
从前端请求头中读取token然后调用TokenProccessor算法类进行解密