自定义工具类
package com.example.hotelmanagement.utils;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
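/**
 * Generates password salts and computes salted password digests.
 *
 * <p>NOTE(review): a single HMAC-SHA1 pass is a fast digest, so a leaked table of
 * (salt, digest) pairs can be brute-forced cheaply. A deliberately slow password-hashing
 * scheme (PBKDF2, bcrypt, scrypt or Argon2) is the better choice for new data; the
 * algorithm is left unchanged here so that digests already stored keep verifying.
 */
public class PwdTool {
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";

    /** Characters a generated salt may contain. */
    private static final char[] SALT_ALPHABET =
            ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                    + "1234567890!@#$%^&*()_+").toCharArray();

    /** Number of characters in a generated salt. */
    private static final int SALT_LENGTH = 8;

    /**
     * Shared cryptographically strong generator. {@code java.util.Random} is seeded
     * predictably and must not be used for security-relevant values such as salts.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Generates a random 8-character password salt.
     *
     * @return a salt of {@code SALT_LENGTH} characters drawn from {@code SALT_ALPHABET}
     */
    public static String getRandomSalt() {
        StringBuilder sb = new StringBuilder(SALT_LENGTH);
        for (int i = 0; i < SALT_LENGTH; i++) {
            // nextInt(n) returns a value in [0, n)
            sb.append(SALT_ALPHABET[SECURE_RANDOM.nextInt(SALT_ALPHABET.length)]);
        }
        return sb.toString();
    }

    /**
     * Computes the Base64-encoded HMAC-SHA1 of a password, keyed with the salt.
     *
     * <p>Both strings are converted to bytes as UTF-8 so the digest no longer depends on
     * the platform default charset. NOTE(review): digests of non-ASCII passwords that
     * were stored by a JVM whose default charset was not UTF-8 would differ — confirm
     * before deploying against existing data.
     *
     * @param password the plain-text password to digest
     * @param salt the per-user salt used as the HMAC key; must not be empty
     * @return the Base64 text of the 20-byte HMAC-SHA1 value
     * @throws IllegalStateException if the HMAC cannot be computed; failing loudly keeps
     *     callers from persisting or comparing a {@code null} digest
     */
    public static String getHMAC(String password, String salt) {
        try {
            // Build the HMAC key from the salt bytes
            SecretKeySpec signingKey =
                    new SecretKeySpec(salt.getBytes(StandardCharsets.UTF_8), HMAC_SHA1_ALGORITHM);
            Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
            mac.init(signingKey);
            byte[] rawHmac = mac.doFinal(password.getBytes(StandardCharsets.UTF_8));
            // The JDK encoder produces the same unchunked, padded Base64 text as
            // commons-codec's encodeBase64(byte[]); it is fully qualified because the
            // file imports the commons-codec class under the same simple name.
            return java.util.Base64.getEncoder().encodeToString(rawHmac);
        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
            throw new IllegalStateException("Unable to compute " + HMAC_SHA1_ALGORITHM + " digest", e);
        }
    }
}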
进行加密的时候，先调用方法生成密码盐，然后再调用方法生成加密后的密码，把密码盐和加密后的密码同时存入数据库。
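/**
 * Registers a new user account (created 2021/5/20 20:23).
 *
 * <p>Validates the request, rejects a username that is already taken, then stores a
 * freshly generated salt together with the salted digest of the password; the plain-text
 * password is never persisted.
 *
 * @param userAccount the account to register; its username and password must be non-blank
 * @return a {@code JsonResult} carrying the success or failure message
 * @throws LxBaseException if the argument is null, the username or password is blank,
 *     or the username already exists
 */
@Override
public JsonResult insertAdd(UserAccount userAccount) {
    if (userAccount == null) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_REQUIRED_PARAMETER_EMPTY, "传入对象不能为空");
    }
    String username = userAccount.getUsername();
    if (StringUtils.isBlank(username)) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_REQUIRED_PARAMETER_EMPTY, "账号不能为空");
    }
    // Any existing row blocks registration. Comparing with "== 1" would let a new
    // account through once the table already holds two or more rows for the name.
    // NOTE(review): the count and the insert are separate statements, so concurrent
    // requests can both pass this check — presumably a UNIQUE constraint on the
    // username column is the real guard; confirm the schema has one.
    int existing = userAccountMapper.selectByUsernameCount(username);
    if (existing > 0) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_USERNAME_EXISTS, "账号已存在");
    }
    String password = userAccount.getPassword();
    if (StringUtils.isBlank(password)) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_REQUIRED_PARAMETER_EMPTY, "密码不能为空");
    }
    String pwdKey = PwdTool.getRandomSalt();
    String hashedPassword = PwdTool.getHMAC(password, pwdKey);
    if (hashedPassword == null) {
        // Fail closed: never persist an account whose password digest is missing.
        return new JsonResult("注册失败");
    }
    userAccount.setPassword(hashedPassword);
    userAccount.setPwdKey(pwdKey);
    userAccount.setCreateTime(new Date());
    int inserted = userAccountMapper.insertAdd(userAccount);
    if (inserted == 1) {
        return new JsonResult("注册成功");
    }
    return new JsonResult("注册失败");
}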
进行登录的时候，根据用户输入的账号在数据库中找到密码盐，然后再对用户输入的密码进行加密，
进行密码比对。
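/**
 * Authenticates a user and issues a token (created 2021/5/21 10:21).
 *
 * <p>The salt stored for the submitted username is used to digest the submitted
 * password, and the mapper then checks the username/digest pair. An unknown username,
 * a missing salt and a wrong password all produce the same failure result, so the
 * response does not reveal which accounts exist.
 *
 * @param userAccount the submitted credentials; its password field is overwritten with
 *     the salted digest before the mapper is queried
 * @return a {@code JsonResult} with code {@code "10000"} and the token on success,
 *     otherwise the authentication-failed result
 * @throws LxBaseException if the argument is null or the username or password is blank
 */
@Override
public JsonResult login(UserAccount userAccount) {
    if (userAccount == null) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_REQUIRED_PARAMETER_EMPTY, "传入对象为空");
    }
    // Validate both inputs before touching the database
    String username = userAccount.getUsername();
    if (StringUtils.isBlank(username)) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_REQUIRED_PARAMETER_EMPTY, "账号为空");
    }
    String password = userAccount.getPassword();
    if (StringUtils.isBlank(password)) {
        throw new LxBaseException(LxConstantResultCode.ERROR_CLIENT_REQUIRED_PARAMETER_EMPTY, "密码为空");
    }

    String token = null;
    // Look up the stored record to obtain the salt. An unknown username returns no
    // record and must end in the ordinary failure result, not a NullPointerException.
    UserAccount stored = userAccountMapper.selectByUsername(username);
    String pwdKey = (stored == null) ? null : stored.getPwdKey();
    if (!StringUtils.isBlank(pwdKey)) {
        String hashedPassword = PwdTool.getHMAC(password, pwdKey);
        if (hashedPassword != null) {
            userAccount.setPassword(hashedPassword);
            // Number of rows matching the username and digest
            int matches = userAccountMapper.login(userAccount);
            // Account details used to build the token
            UserAccount authenticated = userAccountMapper.login1(userAccount);
            if (matches == 1 && authenticated != null) {
                token = TokenUtil.sign(authenticated);
            }
        }
    }

    Map<String, Object> map = new HashMap<>();
    if (token != null) {
        map.put("code", "10000");
        map.put("message", "认证成功");
        // The token is a bearer credential and is deliberately kept out of the printed
        // map so it never lands in stdout or captured logs.
        System.out.println(map);
        return new JsonResult<>("10000", "认证成功", token);
    }
    // NOTE(review): the printed code "0000" and the returned code "000" differ — confirm
    // which value clients expect.
    map.put("code", "0000");
    map.put("message", "认证失败");
    System.out.println(map);
    return new JsonResult<>("000", "认证失败");
}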