Encryption results are as follows: (database)
1. Why encrypt?
① To ensure data security, the user's password must be encrypted.
② Storing it in plain text is insecure (whatever the user sets is exactly what sits in the database).
So what we usually store in the database is the password after encryption (the ciphertext).
2. What is Bcrypt?
Bcrypt is a cross-platform file encryption tool.
Features: files encrypted with it can be transferred across all supported operating systems and processors.
Its password must be 8 to 56 characters long and is converted internally into a 448-bit key.
Note: the stronger the password, the more secure the data.
First, encrypt the password when it is stored
One, preparatory work.
1. Create the table sys_user (fields as above)
2. Create the POJO: SysUser.java (its fields must match the table columns)
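public class SysUser {
    private Long id;
    private String username;
    private String password;

    // getter / setter methods
    public Long getId() { return id; }
    public void setId(Long id) { this.id = id; }
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}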
3. Form (collects the data entered by the user): user_add.jsp
<form action="${pageContext.request.contextPath}/sysUser/addSysUser" method="post">
用户名称:<input type="text" name="username" placeholder="用户名称" value="">
密码:<input type="password" name="password" placeholder="密码" value="">
<button type="submit">保存</button>
</form>
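Two, controller layer.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("sysUser")
public class SysUserController {
    @Autowired
    private SysUserService sysUserService;

    /**
     * Requirement: add user information (save it to the database)
     */
    @RequestMapping("addSysUser")
    public String addSysUser(SysUser sysUser) {
        // Call the business layer to perform the add.
        sysUserService.addSysUser(sysUser);
        // Added successfully -> redirect to the page that lists all users.
        return "redirect:/sysUser/findAllUser";
    }
}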
Three, service (business) layer.
1. Spring_service.xml (configure the Bcrypt encryption algorithm)
<!-- Add the Bcrypt encryption algorithm -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
2. Interface: SysUserService.java
public interface SysUserService extends UserDetailsService {
    // Add user information.
    void addSysUser(SysUser sysUser);
}
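3. Implementation class: SysUserServiceImpl.java (handles the encryption logic)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

@Service("sysUserService")
public class SysUserServiceImpl implements SysUserService {
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;
    @Autowired
    private SysUserMapper sysUserMapper;

    @Override
    public void addSysUser(SysUser sysUser) {
        // Get the password entered by the user.
        String oldPassword = sysUser.getPassword();
        // Generate the new password (encrypted).
        String newPassword = passwordEncoder.encode(oldPassword);
        // Set it on the SysUser, then save it.
        sysUser.setPassword(newPassword);
        sysUserMapper.addSysUser(sysUser);
    }
    // loadUserByUsername(...) is shown in the login part below.
}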
Four, mapper (data) layer.
<!-- Add a user (insert statement) -->
<insert id="addSysUser">
    insert into sys_user
    values(null,#{username},#{password})
</insert>
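Second, at login the password entered by the user is encrypted and compared with the stored one
1. security.xml configuration file (configure the encryption method)
<!-- Configure the authentication information (username and password) -->
<security:authentication-manager>
    <!-- Fetch the password from the database; the reference must be the bean name of the service, @Service("sysUserService") -->
    <security:authentication-provider user-service-ref="sysUserService">
        <!-- Specify the encryption method (must be the same one used when storing) -->
        <security:password-encoder ref="passwordEncoder" />
    </security:authentication-provider>
</security:authentication-manager>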
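2. Service layer (query the user information by username)
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service("sysUserService")
public class SysUserServiceImpl implements SysUserService {
    @Autowired
    private SysUserMapper sysUserMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Call the DAO to look up the user by username.
        SysUser sysUser = sysUserMapper.findUserByUserName(username);
        // An unknown username must raise UsernameNotFoundException rather than a NullPointerException.
        if (sysUser == null) {
            throw new UsernameNotFoundException("User not found");
        }
        // Return an implementation of the UserDetails interface.
        List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
        // Add the role information.
        grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER"));
        // Give the User its username and password (note: do not prefix the password with {noop}).
        User user = new User(username, sysUser.getPassword(), grantedAuthorityList);
        return user;
    }
}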
3. Mapper layer
<!-- Query the account information by username. -->
<select id="findUserByUserName" resultType="SysUser">
    select * from sys_user
    where username=#{username}
</select>
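How the login comparison configured above behaves, as an added example that is not code from the original post: BCryptPasswordEncoder salts every hash randomly, so the stored value can only be checked with matches(), never by re-encoding the input and comparing strings. It assumes spring-security-crypto is on the classpath; the class name BcryptCompareDemo, the helper costOf and the sample password are made up for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptCompareDemo {

    // Cost factor stored inside the hash: "$2a$10$<salt+digest>" -> 10
    static int costOf(String hash) {
        return Integer.parseInt(hash.split("\\$")[2]);
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // default strength 10
        String raw = "Example-Passw0rd"; // constructed sample input

        // Registration path (addSysUser): each encode() call draws a fresh random
        // salt, so the same password gives a different 60-character string each time.
        String stored = encoder.encode(raw);
        String again = encoder.encode(raw);
        System.out.println("stored = " + stored);
        System.out.println("length = " + stored.length() + ", cost = " + costOf(stored));
        System.out.println("two encodings equal?      " + stored.equals(again));

        // Wrong login check: re-encoding the input and comparing strings
        // fails even when the password is correct.
        System.out.println("encode(input) == stored?  " + encoder.encode(raw).equals(stored));

        // Correct login check (what the <security:password-encoder> reference does):
        // matches() reads salt and cost out of the stored hash and recomputes.
        System.out.println("matches(correct, stored)? " + encoder.matches(raw, stored));
        System.out.println("matches(wrong, stored)?   " + encoder.matches("guess", stored));

        // The cost lives in the hash itself, so an encoder configured with a
        // different strength still verifies hashes written earlier.
        System.out.println("strength-12 verifies?     "
                + new BCryptPasswordEncoder(12).matches(raw, stored));

        // A row that still holds plain text is not a bcrypt string and is rejected,
        // so existing plain-text accounts cannot log in until they are re-hashed.
        System.out.println("plain-text row matches?   " + encoder.matches(raw, raw));
    }
}
```

The password column of sys_user has to hold the full 60 characters; a shorter column truncates the hash and every login for that row fails.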