一、系统方案
二、项目搭建
1. 引入依赖
包括thymeleaf组件、web组件、test组件、MySQL驱动、Mybatis-plus、lombok插件
<dependencies>
<!--thymeleaf-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!--web-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--mybatis-plus-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.5.1</version>
</dependency>
<!--mysql-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!--lombok-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<!--test-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.3.4.RELEASE</version>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
(其中spring-boot-maven-plugin
报红,暂时无影响)
2. 修改配置文件
spring:
# thymeleaf 配置
thymeleaf:
cache:false
# 数据源配置
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/seckill?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
username: root
password: root
hikari:
# 连接池名
pool-name: DateHikariCP
# 最小空闲连接数
minimum-idle: 5
# 空闲连接存活最大时间,默认600000 (10分钟)
idle-timeout: 1800000
# 最大连接数,默认10
maximum-pool-size: 10
# 从连接池返回的连接自动提交
auto-commit: true
# 连接最大存活时间,0表示永久存活,默认30分钟
max-lifetime: 1800000
# 连接超时时间,默认30s
connection-timeout: 30000
# 测试连接是否可用的查询语句
connection-test-query: SELECT 1
mybatis-plus:
# 配置 Mapper.xml
mapper-locations: classpath*:/mapper/*Mapper.xml
# 配置 MyBatis数据返回类型别名(默认别名是类名)
type-aliases-package: com.example.seckill.pojo
# MyBatis SQL打印(方法接口所在的包,不是 Mapper.xml 所在的包)
logging:
level:
com.example.seckill.mapper: debug
3. 测试项目搭建
用控制层和简单html进行测试
@Controller
@RequestMapping("/demo")
public class DemoController {
/**
* 测试页面跳转
* @author 47roro
* @date 2022/4/3
**/
@RequestMapping("/hello")
public String hello(Model model){
model.addAttribute("name", "example");
return "hello";
}
}
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>测试</title>
</head>
<body>
<p th:text="'hello,' + ${name}"></p>
</body>
</html>
url 输入localhost:8080/demo/hello请求到html页面,输出结果
三、数据库建立
1. 建立数据库
use seckill;
create table t_user(
`id` bigint(20) not null comment '用户ID,手机号码',
`nickname` varchar(255) not null,
`password` varchar(32) default null comment 'MD5(MD5(pass明文+固定salt) + salt)',
`salt` varchar(10) default null,
`head` varchar(128) default null comment '头像',
`register_date` datetime default null,
`last_login_date` datetime default null,
`login_count` int(11) default 0,
primary key(`id`)
)
2. 2次MD5加密
第一次前端传给后端的时候进行一次MD5加密,防止用户密码在网络中明文传输;第二次后端传给数据库的时候进行二次MD5加密,防止数据库丢失后,破解者通过salt进行解密破解密码。
3. 引入MD5依赖
<!-- md5 依赖 -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.6</version>
</dependency>
4. 准备utils工具类
public class MD5Util {
public static String md5(String src){
return DigestUtils.md5Hex(src);
}
// 和前端的salt保持一直
private static final String salt = "1a2b3c4d";
public static String inputPassToFromPass(String inputPass){
String str = "" + salt.charAt(0) + salt.charAt(2) + inputPass + salt.charAt(5) + salt.charAt(4);
return md5(str);
}
public static String frompassToDBPass(String fromPass, String salt){
String str = "" + salt.charAt(0) + salt.charAt(2) + fromPass + salt.charAt(5) + salt.charAt(4);
return md5(str);
}
public static String inputPassToDBPass(String inputPass, String salt){
String fromPass = inputPassToFromPass(inputPass);
String dbPass = frompassToDBPass(fromPass, salt);
return dbPass;
}
}
测试结果:
第一次加密密码:
ce21b747de5af71ab5c2e20ff0a60eea
第二次加密密码:
0687f9701bca74827fcefcd7e743d179
存入数据库的密码:
0687f9701bca74827fcefcd7e743d179