企业网站的建立与维护论文,搭建网站的英语,办网站如何备案,怎么制作网页SpringSecurity 密码加密登录 1.前端所需文件2.后端所用工具类3.登录代码4.灵魂一问 1.前端所需文件
import JSEncrypt from jsencrypt/bin/jsencrypt.min// 密钥对生成 http://web.chacuo.net/netrsakeypairconst publicKey MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqz… SpringSecurity 密码加密登录 1.前端所需文件2.后端所用工具类3.登录代码4.灵魂一问 1.前端所需文件
import JSEncrypt from jsencrypt/bin/jsencrypt.min// 密钥对生成 http://web.chacuo.net/netrsakeypairconst publicKey MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdH\n nzkXSOVOZbFu/TJhZ7rFANeaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQconst privateKey MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY\n 7NtPrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKN\n PuH3owIDAQABAkAfoiLyLZ4lf4Myxk6xUDgLaWGximj20CUf5BKKnlrKEd8gA\n kM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWow\n cSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21vF25WaHYPxCFMvwxpcw99Ecv\n DQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthh\n YhovyloRYsMIS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3\n UP8iWi1Qw0Y// 加密
export function encrypt(txt) {const encryptor new JSEncrypt()encryptor.setPublicKey(publicKey) // 设置公钥return encryptor.encrypt(txt) // 对数据进行加密
}// 解密
export function decrypt(txt) {const encryptor new JSEncrypt()encryptor.setPrivateKey(privateKey) // 设置私钥return encryptor.decrypt(txt) // 对数据进行解密
} this.loginForm {username: username undefined ? this.loginForm.username : username,password: password undefined ? this.loginForm.password : decrypt(password),rememberMe: rememberMe undefined ? false : Boolean(rememberMe)};2.后端所用工具类
package com.nriat.site.common.utils;import org.apache.commons.codec.binary.Base64;import javax.crypto.Cipher;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;/*** RSA加密解密** author ruoyi**/
public class RsaUtils {// Rsa 私钥public static String privateKey MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALRMc5BuKvnySp5 0geStvGSS4Kfe6/Gurfbc4GTJoUeZPnnAbdcD2NvQ9PXrpTIMW4VuXBfJ2vyE4x dM4U9PIsnHOZPqPDRqIlubnCqjuvV63THV5rvIwPsuadZvfcnAk4HIF8g9FLNH5 Exn8lRrc/ZYqOzuFkcyuWZj57SzAgMBAAECgYAWNai0iF1AR9Ae/Fyj9DYUpotT MZWruDzPm/BBxcLf5A/J6Wjt648s9e3JGgTYPO83iqgaMI6BnJNN4hk7m3xxg2o 1mooI3e6aef3xz3H5CYwerkur22hgQpO3XXX97y0NFx/ST8lg9I1zMh635dHfXJ MHe5WG1YU7gxlN1sQJBAOKgMuNoSR7Gk8ehxFWtlM1Q0RkUhdREVN2KsWEjaP aaxYKU5FU6p0GrStGAcvbzUaYUvXelIykVnVtCyvjkCQQDLqwuXtl9Iw/vsbji9 o7cKUYSwmbye8Yr208qBXzebiLcY1sPKqGyo9y/1tAxCYyyKjOv99FOC7bAHuiw cpLAkEAotDNPqvxvHaWPVpvH886hQVDKqOYhuBkVBY1j9TviNtH5FYCdwU/srpv ZVbmaGMf1lr5g9vJhbIQowXxyBjoQJAJSb/h15SRWDS7M8ydI2Pz0cNkHWK7eeb 9OivkSgAadPnqpVM6Y3aT08K7sfN1JQsYTfHk/r96GHEpYk940K9vwJBALttsP0T l9wVKKG995ZPdxc7nSj1R9oAEPAOOGSamlFV/s7TFBJdgOZVw4T5GjGOY5/Rft wJvc9/lWECKRV4g;/*** 私钥解密** param text 待解密的文本* return 解密后的文本*/public static String decryptByPrivateKey(String text) throws Exception {return decryptByPrivateKey(privateKey, text);}/*** 公钥解密** param publicKeyString 公钥* param text 待解密的信息* return 解密后的文本*/public static String decryptByPublicKey(String publicKeyString, String text) throws Exception {X509EncodedKeySpec x509EncodedKeySpec new X509EncodedKeySpec(Base64.decodeBase64(publicKeyString));KeyFactory keyFactory KeyFactory.getInstance(RSA);PublicKey publicKey keyFactory.generatePublic(x509EncodedKeySpec);Cipher cipher Cipher.getInstance(RSA);cipher.init(Cipher.DECRYPT_MODE, publicKey);byte[] result cipher.doFinal(Base64.decodeBase64(text));return new String(result);}/*** 私钥加密** param privateKeyString 私钥* param text 待加密的信息* return 加密后的文本*/public static String encryptByPrivateKey(String privateKeyString, String text) throws Exception {PKCS8EncodedKeySpec pkcs8EncodedKeySpec new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyString));KeyFactory keyFactory KeyFactory.getInstance(RSA);PrivateKey privateKey keyFactory.generatePrivate(pkcs8EncodedKeySpec);Cipher cipher Cipher.getInstance(RSA);cipher.init(Cipher.ENCRYPT_MODE, privateKey);byte[] result cipher.doFinal(text.getBytes());return Base64.encodeBase64String(result);}/*** 私钥解密** param privateKeyString 私钥* param text 待解密的文本* return 解密后的文本*/public static String decryptByPrivateKey(String privateKeyString, String text) throws Exception {PKCS8EncodedKeySpec pkcs8EncodedKeySpec5 new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyString));KeyFactory keyFactory KeyFactory.getInstance(RSA);PrivateKey privateKey keyFactory.generatePrivate(pkcs8EncodedKeySpec5);Cipher cipher Cipher.getInstance(RSA);cipher.init(Cipher.DECRYPT_MODE, privateKey);byte[] result cipher.doFinal(Base64.decodeBase64(text));return new String(result);}/*** 公钥加密** param publicKeyString 公钥* param text 待加密的文本* return 加密后的文本*/public static String encryptByPublicKey(String publicKeyString, String text) throws Exception {X509EncodedKeySpec x509EncodedKeySpec2 new X509EncodedKeySpec(Base64.decodeBase64(publicKeyString));KeyFactory keyFactory KeyFactory.getInstance(RSA);PublicKey publicKey keyFactory.generatePublic(x509EncodedKeySpec2);Cipher cipher Cipher.getInstance(RSA);cipher.init(Cipher.ENCRYPT_MODE, publicKey);byte[] result cipher.doFinal(text.getBytes());return Base64.encodeBase64String(result);}/*** 构建RSA密钥对** return 生成后的公私钥信息*/public static RsaKeyPair generateKeyPair() throws NoSuchAlgorithmException {KeyPairGenerator keyPairGenerator KeyPairGenerator.getInstance(RSA);keyPairGenerator.initialize(1024);KeyPair keyPair keyPairGenerator.generateKeyPair();RSAPublicKey rsaPublicKey (RSAPublicKey) keyPair.getPublic();RSAPrivateKey rsaPrivateKey (RSAPrivateKey) keyPair.getPrivate();String publicKeyString Base64.encodeBase64String(rsaPublicKey.getEncoded());String privateKeyString Base64.encodeBase64String(rsaPrivateKey.getEncoded());return new RsaKeyPair(publicKeyString, privateKeyString);}/*** RSA密钥对对象*/public static class RsaKeyPair {private final String publicKey;private final String privateKey;public RsaKeyPair(String publicKey, String privateKey) {this.publicKey publicKey;this.privateKey privateKey;}public String getPublicKey() {return publicKey;}public String getPrivateKey() {return privateKey;}}
}
3.登录代码 public TokenVo login(String username, String password) {try {passwordRsaUtils.decryptByPrivateKey(password);}catch (Exception e) {log.error(Failed to decrypt password: {}, e.getMessage());throw new CustomException(ResultCodeEnum.LOGIN_DECRYPT_ERROR);}//封装 AuthenticationUsernamePasswordAuthenticationToken authenticationToken new UsernamePasswordAuthenticationToken(username, password);//认证用户Authentication authenticate;try {authenticate authenticationManager.authenticate(authenticationToken);} catch (Exception e) {log.error(Authentication failed: {}, e.getMessage());throw new CustomException(ResultCodeEnum.LOGIN_AUTH_ERROR);}//获取认证用户信息UserDetailsInfo userDetailsInfo (UserDetailsInfo) authenticate.getPrincipal();boolean matches passwordEncoder.matches(password, userDetailsInfo.getPassword());if (!matches) {throw new CustomException(ResultCodeEnum.LOGIN_PWD_ERROR);}//认证通过生成jwtTokenVo tokenVonew TokenVo();String token jwtTokenUtil.generateToken(userDetailsInfo);tokenVo.setToken(token);tokenVo.setExpireTime(jwtTokenUtil.expiration);redisCache.setCacheObject(RedisConst.REDIS_TOKEN_PREFIXtoken, userDetailsInfo, jwtTokenUtil.expiration, TimeUnit.SECONDS);return tokenVo;}4.灵魂一问 passwordEncoder.matches(“A”, “B”); ,如果返还是True,这个B其实就是A通过passwordEncoder.encode();加密的对吧 不完全正确。在Spring Security中passwordEncoder.matches(“A”, “B”)的返回值为true表示密码匹配成功即明文密码A与加密后的密码B是匹配的。 passwordEncoder.encode(“A”)会将明文密码A进行加密生成一个新的加密密码。每次调用passwordEncoder.encode(“A”)都会生成不同的加密密码即使输入的明文密码相同。 因此如果passwordEncoder.matches(“A”, “B”)返回true并不意味着B是由A通过passwordEncoder.encode()加密得到的。它只表示明文密码A与加密密码B是匹配的即密码验证成功。
