Features:
User login
Username availability check
User registration
Forgot password: fetch the user's security question
Submit the security-question answer
Reset password
Get user information
Update user information
Logout: delete the session
Interfaces (11):
1 login; 2 register; 3 check that a username is valid and available; 4 get the logged-in user's information; 5 forgot password (fetch the security question); 6 submit the security-question answer; 7 reset a forgotten password using the token from step 6; 8 reset the password while logged in;
9 update user information while logged in; 10 get the current logged-in user's details, forcing login if there is no session; 11 logout
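Interfaces 4, 9 and 10 act on the logged-in user's own row, and any admin interface acts on other users' rows; these are the places where horizontal and vertical override (the learning target below) is either prevented or introduced. The code below is an added example and not code from the project: it stands in for HttpSession with a plain User object and for the MySQL table with a HashMap (both assumptions), and shows the vulnerable update pattern (trusting the id in the request body) beside the fixed one (forcing the id from the session), plus a server-side role check for an admin-only action.

```java
import java.util.HashMap;
import java.util.Map;

public class OverrideCheckDemo {

    // assumed role values; the project's own constants may differ
    static final int ROLE_CUSTOMER = 0;
    static final int ROLE_ADMIN = 1;

    static class User {
        int id;
        String username;
        String email;
        int role;

        User(int id, String username, String email, int role) {
            this.id = id;
            this.username = username;
            this.email = email;
            this.role = role;
        }
    }

    // stand-in for the user table (assumption)
    static final Map<Integer, User> USERS = new HashMap<>();

    // VULNERABLE: the row to update is chosen by the id in the request body, so any
    // logged-in user can overwrite any other user's data (horizontal override).
    static boolean updateInfoVulnerable(User sessionUser, User fromRequest) {
        if (sessionUser == null) {
            return false;                       // not logged in
        }
        User row = USERS.get(fromRequest.id);
        if (row == null) {
            return false;
        }
        row.email = fromRequest.email;
        return true;
    }

    // FIXED: id and username come from the session user, never from the request.
    static boolean updateInfoSafe(User sessionUser, User fromRequest) {
        if (sessionUser == null) {
            return false;
        }
        fromRequest.id = sessionUser.id;               // force ownership of the row
        fromRequest.username = sessionUser.username;   // username is not updatable
        User row = USERS.get(fromRequest.id);
        if (row == null) {
            return false;
        }
        row.email = fromRequest.email;
        return true;
    }

    // Vertical override: an admin-only action checks the role on the server for
    // every call, instead of relying on the admin menu being hidden in the UI.
    static boolean isAdmin(User sessionUser) {
        return sessionUser != null && sessionUser.role == ROLE_ADMIN;
    }

    static boolean deleteUserAsAdmin(User sessionUser, int targetId) {
        if (!isAdmin(sessionUser)) {
            return false;                       // reject non-admin callers
        }
        return USERS.remove(targetId) != null;
    }

    public static void main(String[] args) {
        // constructed data: alice is the victim, mallory is the logged-in attacker
        USERS.put(1, new User(1, "alice", "alice@example.com", ROLE_CUSTOMER));
        USERS.put(2, new User(2, "mallory", "mallory@example.com", ROLE_CUSTOMER));
        User session = USERS.get(2);

        // mallory sends id=1 in the request body to change alice's email
        User forged = new User(1, "alice", "attacker@example.com", ROLE_CUSTOMER);
        System.out.println("vulnerable: " + updateInfoVulnerable(session, forged)
                + ", alice's email is now " + USERS.get(1).email);

        USERS.get(1).email = "alice@example.com";
        forged = new User(1, "alice", "attacker@example.com", ROLE_CUSTOMER);
        System.out.println("safe: " + updateInfoSafe(session, forged)
                + ", alice's email is still " + USERS.get(1).email
                + ", mallory's own email became " + USERS.get(2).email);

        System.out.println("mallory deletes alice as admin: " + deleteUserAsAdmin(session, 1));
    }
}
```

The fixed update never reads the id from the request at all; it overwrites it with the session's value, which is the same rule the project's "force login" on interface 10 relies on. The admin check must run in the controller on every admin request, not once at login.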
1 SQL queries must not use "select *"; list only the fields that need to be checked.
2 When returning the user object, remember to set the user's password to null so the hash never leaves the server.
Learning targets:
Horizontal override (acting on another user's data with a normal account) and vertical override (a normal account reaching admin functions) security vulnerabilities
MD5 hashing of the plaintext password with an added salt value: the MD5 is computed by a small utility class. Caveat: MD5 is a fast digest, so even with a salt it does not slow down offline guessing; a password hash such as bcrypt, PBKDF2 or Argon2 is the safer choice for new code.
//MD5 hashing: user.setPassword(MD5Util.MD5EncodeUtf8(user.getPassword()));
Utility class:
package com.eshop.util;

import java.security.MessageDigest;

/**
 * Created by geely
 */
public class MD5Util {

    private static String byteArrayToHexString(byte b[]) {
        StringBuffer resultSb = new StringBuffer();
        for (int i = 0; i < b.length; i++) {
            resultSb.append(byteToHexString(b[i]));
        }
        return resultSb.toString();
    }

    private static String byteToHexString(byte b) {
        int n = b;
        if (n < 0) {
            n += 256;   // bytes are signed in Java; map to 0..255
        }
        int d1 = n / 16;
        int d2 = n % 16;
        return hexDigits[d1] + hexDigits[d2];
    }

    /**
     * Returns the upper-case hex MD5 digest of origin.
     *
     * @param origin      the string to digest
     * @param charsetname the charset used to encode origin; null or "" means the platform default
     * @return upper-case hex digest
     */
    private static String MD5Encode(String origin, String charsetname) {
        String resultString = null;
        try {
            resultString = new String(origin);
            MessageDigest md = MessageDigest.getInstance("MD5");
            if (charsetname == null || "".equals(charsetname)) {
                resultString = byteArrayToHexString(md.digest(resultString.getBytes()));
            } else {
                resultString = byteArrayToHexString(md.digest(resultString.getBytes(charsetname)));
            }
        } catch (Exception exception) {
            // An empty catch here would return the upper-cased plaintext as the "hash"
            // when the digest fails, so fail loudly instead.
            throw new RuntimeException("MD5 digest failed", exception);
        }
        return resultString.toUpperCase();
    }

    public static String MD5EncodeUtf8(String origin) {
        // append the deployment salt before hashing (enable once password.salt is configured)
        //origin = origin + PropertiesUtil.getProperty("password.salt", "");
        return MD5Encode(origin, "utf-8");
    }

    private static final String hexDigits[] = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"};
}
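To see what the salt line in MD5EncodeUtf8 buys and what it does not, here is an added example (not code from the project or from MD5Util) that puts the page's scheme, MD5 of password plus a deployment-wide salt, beside a stronger scheme built only from the JDK: a random per-user salt with PBKDF2-HMAC-SHA256, stored together with its parameters, and a constant-time verify. The salt value, iteration count and storage format are assumptions chosen for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {

    // assumed deployment-wide salt, standing in for the password.salt property
    static final String FIXED_SALT = "example-salt";
    // assumed PBKDF2 work factor
    static final int ITERATIONS = 100_000;

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString().toUpperCase();
    }

    // What MD5EncodeUtf8 does once the salt line is uncommented: MD5(password + salt).
    // The salt is the same for every user, so two users with the same password get
    // the same digest, and MD5 is fast enough to brute-force at scale.
    static String md5WithFixedSalt(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest((password + FIXED_SALT).getBytes(StandardCharsets.UTF_8));
        return hex(digest);
    }

    // Stronger: random per-user salt and PBKDF2-HMAC-SHA256, stored as
    // "iterations:base64(salt):base64(hash)" so the parameters travel with the hash.
    static String pbkdf2(String password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        Base64.Encoder enc = Base64.getEncoder();
        return iterations + ":" + enc.encodeToString(salt) + ":" + enc.encodeToString(dk);
    }

    static String hashNewPassword(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return pbkdf2(password, salt, ITERATIONS);
    }

    // Recompute with the stored salt and iteration count; compare without early exit.
    static boolean verifyPassword(String password, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 3) {
            return false;
        }
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        String recomputed = pbkdf2(password, salt, iterations);
        return MessageDigest.isEqual(recomputed.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // constructed input: two users who happen to choose the same password
        String alicePassword = "hunter22";
        String bobPassword = "hunter22";

        // fixed-salt MD5: identical digests reveal that the passwords are identical
        System.out.println("alice md5: " + md5WithFixedSalt(alicePassword));
        System.out.println("bob   md5: " + md5WithFixedSalt(bobPassword));

        // PBKDF2 with per-user salt: different stored values for the same password
        String storedAlice = hashNewPassword(alicePassword);
        String storedBob = hashNewPassword(bobPassword);
        System.out.println("alice pbkdf2: " + storedAlice);
        System.out.println("bob   pbkdf2: " + storedBob);
        System.out.println("verify correct password: " + verifyPassword(alicePassword, storedAlice));
        System.out.println("verify wrong password:   " + verifyPassword("wrong", storedAlice));
    }
}
```

Because the salt and iteration count are stored next to the hash, the work factor can be raised later and old rows re-hashed at the user's next login. The login interface would call verifyPassword instead of comparing two MD5 strings.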
Use of the Guava cache:
Generating a random UUID string as the token:
// use a UUID to generate a random string and store it as the token
String forgetToken = UUID.randomUUID().toString();
// the TokenCache class stores the token under a key derived from the username
TokenCache.setKey("token" + username, forgetToken);
return ServerResponse.createBySuccess(forgetToken);
Token cache:
package com.eshop.common;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.concurrent.TimeUnit;

public class TokenCache {

    // declare the logger
    private static Logger logger = LoggerFactory.getLogger(TokenCache.class);

    // initialCapacity(1000): initial capacity; maximumSize(3000): above 3000 entries the
    // cache evicts with an LRU policy; expireAfterAccess(12, TimeUnit.HOURS): an entry is
    // valid for 12 hours after its last access.
    // The CacheLoader is the default load implementation: when get() finds no entry for
    // the key, load() is called and its result is cached.
    private static LoadingCache<String, String> localCache = CacheBuilder.newBuilder()
            .initialCapacity(1000)
            .maximumSize(3000)
            .expireAfterAccess(12, TimeUnit.HOURS)
            .build(new CacheLoader<String, String>() {
                @Override
                public String load(String s) throws Exception {
                    // return the string "null" rather than null: a null value would make
                    // the equals() check in getKey throw a NullPointerException
                    return "null";
                }
            });

    public static void setKey(String key, String value) {
        localCache.put(key, value);
    }

    public static String getKey(String key) {
        String value = null;
        try {
            value = localCache.get(key);
            if ("null".equals(value)) {
                return null;   // the sentinel means no token is stored for this key
            }
            return value;
        } catch (Exception e) {
            logger.error("localCache get error", e);
        }
        return null;
    }
}
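The generation code above issues the token; the security-relevant half is what interface 7 does with it. The following is an added example, not the project's UserService: it uses the same Guava cache and "token" + username key, but with expireAfterWrite so a reset token dies 12 hours after it was issued rather than being kept alive by lookups, checks the token against the username in the reset request, compares without early exit, and invalidates it after one use. The in-memory maps for security answers and passwords stand in for the user table and are assumptions; the new password is stored as a placeholder string where the project would call MD5Util.MD5EncodeUtf8.

```java
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.TimeUnit;

public class ForgetPasswordTokenDemo {

    // Same Guava cache as TokenCache, but expireAfterWrite: a reset token has a fixed
    // lifetime from issue time, regardless of how often it is read.
    static final Cache<String, String> TOKENS = CacheBuilder.newBuilder()
            .maximumSize(3000)
            .expireAfterWrite(12, TimeUnit.HOURS)
            .build();

    // stand-ins for the user table (assumption; the project reads these from MySQL)
    static final Map<String, String> ANSWERS = new HashMap<>();
    static final Map<String, String> PASSWORDS = new HashMap<>();

    static String tokenKey(String username) {
        return "token" + username;
    }

    // interface 6: check the security-question answer; on success issue a token
    static String forgetCheckAnswer(String username, String answer) {
        String expected = ANSWERS.get(username);
        if (expected == null || !expected.equals(answer)) {
            return null;
        }
        String forgetToken = UUID.randomUUID().toString();
        TOKENS.put(tokenKey(username), forgetToken);
        return forgetToken;
    }

    // interface 7: reset a forgotten password with the token from interface 6
    static boolean forgetResetPassword(String username, String newPassword, String forgetToken) {
        if (forgetToken == null || forgetToken.isEmpty()) {
            return false;                       // the token must be supplied
        }
        if (!ANSWERS.containsKey(username)) {
            return false;                       // unknown user
        }
        String cached = TOKENS.getIfPresent(tokenKey(username));
        if (cached == null) {
            return false;                       // expired or never issued
        }
        // The lookup is keyed by the username in the request, so a token issued to
        // mallory cannot reset alice's password (no horizontal override); the comparison
        // does not exit early on the first differing byte.
        if (!MessageDigest.isEqual(cached.getBytes(StandardCharsets.UTF_8),
                forgetToken.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }
        PASSWORDS.put(username, "md5-of:" + newPassword);   // placeholder for MD5Util.MD5EncodeUtf8
        TOKENS.invalidate(tokenKey(username));              // one token, one reset
        return true;
    }

    public static void main(String[] args) {
        // constructed data
        ANSWERS.put("alice", "blue");
        ANSWERS.put("mallory", "red");

        String mallorysToken = forgetCheckAnswer("mallory", "red");
        System.out.println("mallory resets alice with her own token: "
                + forgetResetPassword("alice", "pwned", mallorysToken));
        System.out.println("wrong answer for alice yields token: "
                + forgetCheckAnswer("alice", "green"));

        String alicesToken = forgetCheckAnswer("alice", "blue");
        System.out.println("alice resets with her token: "
                + forgetResetPassword("alice", "newpass", alicesToken));
        System.out.println("replaying the same token: "
                + forgetResetPassword("alice", "again", alicesToken));
    }
}
```

Run with Guava on the classpath; the four lines print false, null, true, false. The token lives only in this JVM's cache, so with several application instances behind a load balancer the reset request must reach the instance that issued the token, or the cache has to be replaced with a shared store.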
Reusable design: ServerResponse, a generic message response object returned by every interface
Use of the session