Provide the encryption settings in the configuration file

    xx:
      encoder:
        crypt:
          secret: ${random.uuid} # random key, generated as a UUID
          strength: 10 # 4 to 31; encryption strength, determines the number of operations when the password and salt are encrypted; above 10, encryption time increases significantly
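Parse the configuration file and register the encoder object in the IoC container (the BCryptPasswordEncoder object is injected in the business layer)

    import java.security.SecureRandom;

    import lombok.Data;
    import org.springframework.boot.context.properties.ConfigurationProperties;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    @Data
    @Configuration
    @ConfigurationProperties(prefix = "xx.encoder.crypt")
    public class PasswordConfig {

        private int strength;
        private String secret;

        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            // Use the secret to seed the secure random generator
            SecureRandom secureRandom = new SecureRandom(secret.getBytes());
            // Initialize the BCryptPasswordEncoder
            return new BCryptPasswordEncoder(strength, secureRandom);
        }
    }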
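An added example (not the original post's code) of what seeding the SecureRandom in PasswordConfig means for the bcrypt salts, and of the login-side check that pairs with encode(). It pins SHA1PRNG, whose output is fully determined by a seed set before first use; the class name SaltDemo, the secret and the password are constructed, and spring-security-crypto is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example; SaltDemo, the secret and the password are constructed values.
public class SaltDemo {

    // Mirrors PasswordConfig, but pins SHA1PRNG, whose output is fully
    // determined by a seed supplied before the first nextBytes() call.
    static BCryptPasswordEncoder seeded(int strength, String secret) throws Exception {
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        random.setSeed(secret.getBytes(StandardCharsets.UTF_8));
        return new BCryptPasswordEncoder(strength, random);
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-secret";
        String password = "constructed-password";

        // Two encoders seeded with the same secret (two instances, or two restarts
        // with a fixed secret) draw the same 16 salt bytes for their first hash.
        String a = seeded(10, secret).encode(password);
        String b = seeded(10, secret).encode(password);
        System.out.println("seeded, identical hash:      " + a.equals(b));

        // Self-seeded generator: a fresh salt per call, so the hashes differ.
        BCryptPasswordEncoder fresh = new BCryptPasswordEncoder(10, new SecureRandom());
        String c = fresh.encode(password);
        String d = fresh.encode(password);
        System.out.println("self-seeded, identical hash: " + c.equals(d));

        // Login must call matches(): it re-hashes the candidate with the salt
        // and strength stored inside the saved hash instead of comparing encodes.
        System.out.println("matches, correct password:   " + fresh.matches(password, c));
        System.out.println("matches, wrong password:     " + fresh.matches("other", c));

        // Version and strength are carried in the hash prefix.
        System.out.println("hash prefix:                 " + c.substring(0, 7));
    }
}
```

Whether the default provider behind `new SecureRandom(seed)` is seed-determined depends on the platform, which is why the example selects SHA1PRNG explicitly.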
Controller layer

    @PostMapping("/register")
    public ResponseEntity<Void> register(
            // @Valid together with BindingResult comes from the Hibernate Validator framework;
            // its purpose is to make the backend parameters conform to the rules
            @Valid User user, BindingResult result,
            @RequestParam("code") String code) {
        // A registration that bypasses the front-end page and goes straight to the backend
        // without complying with the rules is rejected here with custom exception information
        if (result.hasErrors()) {
            String errorMsg = result.getFieldErrors().stream()
                    .map(FieldError::getDefaultMessage)
                    .collect(Collectors.joining("|"));
            throw new XxException(500, errorMsg);
        }
        userService.register(user, code);
        return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
    }
Service layer: encrypt the password, then store the entry in the database

    @Autowired
    private StringRedisTemplate redisTemplate;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /**
     * Registration service
     * @param user
     * @param code
     */
    public void register(User user, String code) {
        // Get the verification code stored in Redis
        String redisCode = redisTemplate.opsForValue().get(PHONE_CODE + user.getPhone());
        // Check whether the submitted verification code is correct
        if (!StringUtils.equals(redisCode, code)) {
            // throw a custom exception
        }
        // Encrypt the password
        user.setPassword(passwordEncoder.encode(user.getPassword()));
        // Store the user
        int count = userMapper.insertSelective(user);
        if (count != 1) {
            // throw a custom exception
        }
    }
When writing the entity class, add validation for the user parameters received from the front end

    @Table(name = "tb_user")
    @Data
    public class User {

        @Id
        @KeySql(useGeneratedKeys = true)
        private Long id;

        @Size(min = 4, max = 16, message = "username non-compliant")
        private String username;

        @Size(min = 4, max = 16, message = "password does not meet specifications")
        private String password;

        private String phone;
        private Date createTime;
        private Date updateTime;
    }