一、SHA-1 散列(根据用户名和密码)
注意:散列是单向运算,并不是可逆的“加密”;SHA-1 计算很快,这里又只用用户名充当盐,因此该方案只适合兼容已有数据,新系统的密码存储建议使用第二节的 BCrypt。
1. 由原始密码生成散列后的密码
// Derive the password digest from the user name and the raw password.
// encrytSHA1 returns null for an empty user name, so pwd should be checked before it is persisted.
final String rawUserName = sysUserDto.getUserName();
final String rawPassword = sysUserDto.getUserPassword();
String pwd = SHA1Util.encrytSHA1(rawUserName, rawPassword);
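/**
 * Computes the upper-case hexadecimal SHA-1 digest of the lower-cased user name concatenated
 * with the password, both encoded as UTF-8.
 *
 * <p>The user name is lower-cased with {@code Locale.ROOT} so the digest does not depend on the
 * JVM default locale (under a Turkish default locale, {@code "I".toLowerCase()} yields a dotless
 * {@code ı} and would produce a different digest for the same credentials).
 *
 * <p>NOTE(review): SHA-1 is a fast general-purpose hash and the user name is the only salt, so
 * this is cheap to brute-force offline if the stored digests leak. The two inputs are also
 * joined without a separator, so ("ab", "c") and ("a", "bc") produce the same digest. Keep this
 * only for compatibility with already-stored digests; use an adaptive password hash (for example
 * Spring Security's BCryptPasswordEncoder) for new storage.
 *
 * @param userName account name; compared case-insensitively because it is lower-cased first
 * @param password raw password
 * @return 40-character upper-case hex digest, or {@code null} when {@code userName} is null or
 *     empty or {@code password} is null
 * @throws IllegalStateException if the JVM provides no SHA-1 implementation
 */
public static String encrytSHA1(String userName, String password) {
    // A null password used to be concatenated as the literal text "null", which made it
    // indistinguishable from the real password "null"; reject it like an empty user name.
    if (userName == null || userName.isEmpty() || password == null) {
        return null;
    }

    final MessageDigest sha;
    try {
        // "SHA-1" is the standard algorithm name for what the "SHA" alias resolves to.
        sha = MessageDigest.getInstance("SHA-1");
    } catch (java.security.NoSuchAlgorithmException e) {
        // Fail loudly instead of handing a null "digest" back to the caller.
        throw new IllegalStateException("SHA-1 MessageDigest is not available", e);
    }

    // Lower-case the user name, then append the password.
    String material = userName.toLowerCase(java.util.Locale.ROOT) + password;
    byte[] shaBytes = sha.digest(material.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    // Render every byte as exactly two upper-case hex digits.
    final char[] hexDigits = "0123456789ABCDEF".toCharArray();
    StringBuilder hexValue = new StringBuilder(shaBytes.length * 2);
    for (byte b : shaBytes) {
        int val = b & 0xff;
        hexValue.append(hexDigits[val >>> 4]).append(hexDigits[val & 0x0f]);
    }
    return hexValue.toString();
}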
2. 验证密码
根据前端传过来的用户名和密码重新计算散列值,再与数据库中保存的散列值做比较
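// Recompute the digest from the submitted credentials (SHA-1 over lower-cased user name + password).
userPwd = SHA1Util.encrytSHA1(userName, userPwd);
String storedPwd = userDto.getUserPassword();
// A missing value on either side counts as a mismatch instead of raising a NullPointerException,
// and MessageDigest.isEqual compares in constant time so the response time does not reveal how
// many leading characters of the stored digest matched.
boolean pwdMatches = storedPwd != null
        && userPwd != null
        && java.security.MessageDigest.isEqual(
                storedPwd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                userPwd.getBytes(java.nio.charset.StandardCharsets.UTF_8));
// Wrong password: log the failure (without the credentials) and reject the login.
if (!pwdMatches) {
    log.warn("【登录验证】用户密码校验不通过!!!!");
    // NOTE(review): METHOD_NOT_ALLOWED is HTTP 405; a failed credential check is normally
    // reported as 401. Left unchanged here because clients may depend on the current status.
    throw new JafException("USER_VERIFY_FAIL", "用户密码错误", HttpStatus.METHOD_NOT_ALLOWED);
}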
二、Spring Security 的 BCryptPasswordEncoder
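/**
 * Password hashing helpers backed by Spring Security's {@code BCryptPasswordEncoder}.
 *
 * <p>BCrypt generates a fresh random salt for every {@link #encryptPassword(String)} call and
 * embeds it in the result, so hashing the same password twice gives different strings. Stored
 * values must therefore be checked with {@link #matchPassword(String, String)}, never by
 * comparing two encoded strings.
 */
public class EncryptUtil {

    // Alternative entry point: PasswordEncoderFactories.createDelegatingPasswordEncoder().
    // It was a bare statement in the class body here, which does not compile. The delegating
    // encoder prefixes each hash with an algorithm id such as "{bcrypt}", so its output is not
    // interchangeable with the unprefixed hashes produced by this class.

    /** Shared encoder with the default work factor; reused instead of building one per call. */
    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();

    /**
     * Hashes a raw password with BCrypt.
     *
     * @param password raw password
     * @return the BCrypt hash, including the salt and cost parameters
     */
    public static String encryptPassword(String password) {
        return ENCODER.encode(password);
    }

    /**
     * Checks a raw password against a stored BCrypt hash.
     *
     * @param rawPassword raw password as submitted by the user
     * @param encodedPassword stored BCrypt hash
     * @return {@code true} if the raw password matches the hash, {@code false} otherwise
     */
    public static boolean matchPassword(String rawPassword, String encodedPassword) {
        return ENCODER.matches(rawPassword, encodedPassword);
    }
}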