1.密码字符串的带salt的MD5加密。
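import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

/**
 * Salted MD5 hashing of password strings.
 *
 * <p>Created by geely.
 *
 * <p>NOTE(review): MD5 with one application-wide salt (property
 * {@code password.salt}) is not a password-hashing scheme: the digest is fast
 * and the salt is shared by every user, so equal passwords still produce equal
 * hashes. The output format is kept unchanged here because stored hashes
 * depend on it; migrating to a per-user salted, slow KDF (bcrypt, scrypt,
 * argon2) is the recommended follow-up.
 */
public class MD5Util {

    /** Lower-case hex digit table, indexed by nibble value 0..15. */
    private static final String hexDigits[] = {
        "0", "1", "2", "3", "4", "5", "6", "7",
        "8", "9", "a", "b", "c", "d", "e", "f"
    };

    /**
     * Converts a byte array to its lower-case hexadecimal representation.
     *
     * @param b bytes to encode
     * @return two hex characters per input byte, in input order
     */
    private static String byteArrayToHexString(byte b[]) {
        StringBuilder resultSb = new StringBuilder(b.length * 2);
        for (byte value : b) {
            resultSb.append(byteToHexString(value));
        }
        return resultSb.toString();
    }

    /**
     * Converts one byte to two lower-case hex characters.
     *
     * @param b byte to encode, treated as unsigned 0..255
     * @return two-character hex string
     */
    private static String byteToHexString(byte b) {
        int n = b & 0xff; // unsigned view of the signed byte
        return hexDigits[n >>> 4] + hexDigits[n & 0x0f];
    }

    /**
     * Returns the upper-case hex MD5 digest of {@code origin}.
     *
     * @param origin      text to digest
     * @param charsetname charset used to encode {@code origin}; null or empty
     *                    selects the platform default charset
     * @return 32 upper-case hex characters
     * @throws IllegalArgumentException if {@code charsetname} is not supported
     * @throws IllegalStateException    if no MD5 MessageDigest is available
     */
    private static String MD5Encode(String origin, String charsetname) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] input = (charsetname == null || "".equals(charsetname))
                    ? origin.getBytes()
                    : origin.getBytes(charsetname);
            // Locale.ROOT so the hex output never depends on the default locale.
            return byteArrayToHexString(md.digest(input)).toUpperCase(Locale.ROOT);
        } catch (NoSuchAlgorithmException e) {
            // Previously these exceptions were swallowed and the upper-cased
            // plaintext was returned in place of a digest; failing loudly is
            // the only safe behaviour for a credential hash.
            throw new IllegalStateException("MD5 MessageDigest is not available", e);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException("Unsupported charset: " + charsetname, e);
        }
    }

    /**
     * Appends the configured salt ({@code password.salt}, default empty) to
     * {@code origin} and returns the upper-case MD5 of the UTF-8 bytes.
     *
     * @param origin plaintext to hash
     * @return 32 upper-case hex characters
     */
    public static String MD5EncodeUtf8(String origin) {
        // One global salt, not a per-user one — see the class note.
        String salted = origin + PropertiesUtil.getProperty("password.salt", "");
        return MD5Encode(salted, "utf-8");
    }
}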
2.guava的缓存,存储token。
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.concurrent.TimeUnit;

/**
 * In-memory token store backed by a Guava {@link LoadingCache}.
 *
 * <p>Created by fly on 2017/8/30.
 *
 * <p>Entries are evicted least-recently-used beyond 10000 and expire 12 hours
 * after their last access. Because that timer restarts on every read, a token
 * that keeps being read never expires on its own; an absolute lifetime would
 * need {@code expireAfterWrite}. The cache is process-local: tokens are not
 * shared between instances and are lost on restart.
 */
public class TokenCache {

    private static final Logger logger = LoggerFactory.getLogger(TokenCache.class);

    /** Prefix callers prepend to the cache key of a token. */
    public static final String TOKEN_PREFIX = "token_";

    /**
     * Sentinel the loader returns for an unknown key; {@link #getKey} maps it
     * back to {@code null}. A stored value equal to this literal is therefore
     * indistinguishable from an absent one.
     */
    private static final String MISSING = "null";

    // LRU eviction once maximumSize is exceeded.
    private static final LoadingCache<String, String> localCache = CacheBuilder.newBuilder()
            .initialCapacity(1000)
            .maximumSize(10000)
            .expireAfterAccess(12, TimeUnit.HOURS)
            .build(new CacheLoader<String, String>() {
                // Called by get() when the key has no value: answer with the
                // sentinel instead of throwing so absent keys are cheap to look up.
                @Override
                public String load(String s) throws Exception {
                    return MISSING;
                }
            });

    /**
     * Stores {@code value} under {@code key}, replacing any existing value.
     *
     * @param key   cache key
     * @param value token value
     */
    public static void setKey(String key, String value) {
        localCache.put(key, value);
    }

    /**
     * Looks up {@code key}.
     *
     * @param key cache key
     * @return the stored value, or {@code null} when absent or when the lookup
     *         failed (the failure is logged)
     */
    public static String getKey(String key) {
        try {
            String cached = localCache.get(key);
            return MISSING.equals(cached) ? null : cached;
        } catch (Exception e) {
            logger.error("localCache.get.error", e);
            return null;
        }
    }
}
3.UUID生成token
4.常量类的封装,里面包括枚举类,常量接口类等。
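import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Application-wide constants: session/lookup keys, role codes, cart flags,
 * Alipay callback strings and the status enums of products, orders and
 * payment platforms.
 *
 * <p>Created by fly on 2017/8/28.
 */
public class Const {

    /** Session attribute key under which the logged-in user is stored. */
    public static final String CURRENT_USER = "current_user";
    /** Lookup-type identifier for an e-mail value. */
    public static final String EMAIL = "email";
    /** Lookup-type identifier for a username value. */
    public static final String USERNAME = "username";

    /** Role codes carried by a user record. */
    public interface Role {
        int ROLE_CUSTOMER = 0; // ordinary user
        int ROLE_ADMIN = 1;    // administrator
    }

    /** Accepted values of the product-list order-by parameter. */
    public interface ProductListOrderBy {
        // A Set gives O(1) membership tests instead of O(n); wrapped as
        // unmodifiable so the accepted values cannot be changed at runtime.
        Set<String> PRICE_ASC_DESC = Collections.unmodifiableSet(
                new HashSet<String>(Arrays.asList("price_desc", "price_asc")));
    }

    /** Cart line flags and quantity-limit result markers. */
    public interface Cart {
        int CHECKED = 1;    // line item selected in the cart
        int UN_CHECKED = 0; // line item not selected
        String LIMIT_NUM_FAIL = "LIMIT_NUM_FAIL";
        String LIMIT_NUM_SUCCESS = "LIMIT_NUM_SUCCESS";
    }

    /** Product sale status. */
    public enum ProductStatusEnum {
        ON_SALE(1, "在线");

        private final String value;
        private final int code;

        ProductStatusEnum(int code, String value) {
            this.code = code;
            this.value = value;
        }

        public String getValue() {
            return value;
        }

        public int getCode() {
            return code;
        }
    }

    /**
     * Order lifecycle status.
     *
     * <p>NOTE(review): ORDER_SUCCESS and ORDER_CLOSED both carry code 40, so
     * the two states cannot be told apart once the code is persisted and any
     * lookup by code is ambiguous. Left as-is because the intended value is
     * not known from this file — confirm against the stored data and fix.
     */
    public enum OrderStatusEnum {
        CANCELED(0, "已取消"),
        NO_PAY(10, "未支付"),
        PAID(20, "已付款"),
        SHIPPED(30, "已发货"),
        ORDER_SUCCESS(40, "订单完成"),
        ORDER_CLOSED(40, "订单关闭"); // TODO: duplicates code 40 (see class note)

        private final String value;
        private final int code;

        OrderStatusEnum(int code, String value) {
            this.code = code;
            this.value = value;
        }

        public String getValue() {
            return value;
        }

        public int getCode() {
            return code;
        }
    }

    /** Trade-status values and reply strings of the Alipay callback. */
    public interface AlipayCallBack {
        String TRADE_STATUS_WAIT_BUYER_PAY = "WAIT_BUYER_PAY";
        String TRADE_STATUS_TRADE_SUCCESS = "TRADE_SUCCESS";
        String RESPONSE_SUCCESS = "success";
        String RESPONSE_FAILED = "failed";
    }

    /** Supported payment platforms. */
    public enum PayPlatformEnum {
        ALIPAY(1, "支付宝");

        private final String value;
        private final int code;

        PayPlatformEnum(int code, String value) {
            this.code = code;
            this.value = value;
        }

        public String getValue() {
            return value;
        }

        public int getCode() {
            return code;
        }
    }
}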
5.高复用服务响应对象的设计思想及抽象封装
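import org.codehaus.jackson.annotate.JsonIgnore;
import org.codehaus.jackson.map.annotate.JsonSerialize;

import java.io.Serializable;

/**
 * Generic envelope for service responses: a status code plus an optional
 * message and an optional payload.
 *
 * <p>Created by fly on 2017/8/27.
 *
 * <p>Instances are immutable and are created only through the static
 * factories. Null fields are dropped from the JSON (NON_NULL inclusion), so a
 * response without a message has no {@code msg} key and one without a
 * payload has no {@code data} key.
 *
 * @param <T> payload type
 */
@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
public class ServerResponse<T> implements Serializable {

    // Pinned so that edits to this class do not silently change the
    // serialized form's identity.
    private static final long serialVersionUID = 1L;

    private final int status;
    private final String msg;
    private final T data;

    private ServerResponse(int status) {
        this(status, null, null);
    }

    private ServerResponse(int status, T data) {
        this(status, null, data);
    }

    private ServerResponse(int status, String msg) {
        this(status, msg, null);
    }

    private ServerResponse(int status, String msg, T data) {
        this.status = status;
        this.msg = msg;
        this.data = data;
    }

    /**
     * Whether {@code status} equals the SUCCESS code. Marked {@code @JsonIgnore}
     * so it does not appear as a {@code success} property in the JSON.
     *
     * @return true for a success response
     */
    @JsonIgnore
    public boolean isSuccess() {
        return this.status == ResponseCode.SUCCESS.getCode();
    }

    public int getStatus() {
        return status;
    }

    public T getData() {
        return data;
    }

    public String getMsg() {
        return msg;
    }

    /** Success with neither message nor payload. */
    public static <T> ServerResponse<T> createBySuccess() {
        return new ServerResponse<T>(ResponseCode.SUCCESS.getCode());
    }

    /** Success carrying only a message. */
    public static <T> ServerResponse<T> createBySuccessMessage(String msg) {
        return new ServerResponse<T>(ResponseCode.SUCCESS.getCode(), msg);
    }

    /** Success carrying only a payload. */
    public static <T> ServerResponse<T> createBySuccess(T data) {
        return new ServerResponse<T>(ResponseCode.SUCCESS.getCode(), data);
    }

    /** Success carrying both a message and a payload. */
    public static <T> ServerResponse<T> createBySuccess(String msg, T data) {
        return new ServerResponse<T>(ResponseCode.SUCCESS.getCode(), msg, data);
    }

    /** Generic error using the ERROR code and its default description. */
    public static <T> ServerResponse<T> createByError() {
        return new ServerResponse<T>(ResponseCode.ERROR.getCode(), ResponseCode.ERROR.getDesc());
    }

    /**
     * Error using the ERROR code and a custom message. The message is
     * serialized verbatim, so it should already be suitable for the client.
     */
    public static <T> ServerResponse<T> createByErrorMessage(String errorMessage) {
        return new ServerResponse<T>(ResponseCode.ERROR.getCode(), errorMessage);
    }

    /** Error with an explicit code and message. */
    public static <T> ServerResponse<T> createByErrorCodeMessage(int errorCode, String errorMessage) {
        return new ServerResponse<T>(errorCode, errorMessage);
    }
}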
6.httpSession的session的使用,用于存储登录用户的信息。
7.横向越权、纵向越权安全漏洞的考虑。