Bcrypt - Use the Bcrypt encryption algorithm to encrypt the password when a user is added, and to compare against the encrypted password at login

The encryption results look like this (in the database):
[Image: encryption results in the database]

1. Why encrypt?

① To ensure data security, the user's password must be encrypted.
Storing it in plain text is insecure (whatever the user sets is exactly what ends up in the database).

So: what we usually store in the database is the password after encryption (the ciphertext).

2. What is Bcrypt?

It is a cross-platform file encryption tool.

Features: files encrypted with it can be transferred across all supported operating systems and processors.
Its password must be 8 to 56 characters long and is converted internally into a 448-bit key.

Note: the stronger the password, the more secure the data.

Part One: the password is encrypted when it is stored

One. Preparation

1. Create the table sys_user (with the fields shown above)

2. Create the POJO: SysUser.java (its fields must match the table's columns)

public class SysUser {
    private Long id;
    private String username;
    private String password;
   
    // getter / setter methods
} 

3. Form (collects the data entered by the user): user_add.jsp

<form action="${pageContext.request.contextPath}/sysUser/addSysUser" method="post"> 
    用户名称:<input type="text"  name="username" placeholder="用户名称" value="">
    密码:<input type="password"  name="password"  placeholder="密码" value="">
         <button type="submit">保存</button>
</form>
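
Two. Controller layer

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("sysUser")
public class SysUserController {

    @Autowired
    private SysUserService sysUserService;

    /**
     *   Requirement: add a user (save it to the database)
     */
    @RequestMapping("addSysUser")
    public String addSysUser(SysUser sysUser){
        // Call the service layer to add the user.
        sysUserService.addSysUser(sysUser);

        // On success, redirect to the page that lists all users.
        return "redirect:/sysUser/findAllUser";
    }
}
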
Three. Service layer

1. Spring_service.xml (configure the Bcrypt encryption algorithm)

<!-- Add the Bcrypt encryption algorithm -->
<bean id="passwordEncoder"  class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

2. Interface: SysUserService.java

import org.springframework.security.core.userdetails.UserDetailsService;

public interface SysUserService extends UserDetailsService {
    // Add a user.
    void addSysUser(SysUser sysUser);
}

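3. Implementation class: SysUserServiceImpl.java (handles the encryption logic)

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class SysUserServiceImpl implements SysUserService {
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Autowired
    private SysUserMapper sysUserMapper;

    @Override
    public void addSysUser(SysUser sysUser) {
        // Get the password entered by the user.
        String oldPassword = sysUser.getPassword();
        // Generate the new (encrypted) password.
        String newPassword = passwordEncoder.encode(oldPassword);
        // Set it on the SysUser.
        sysUser.setPassword(newPassword);

        sysUserMapper.addSysUser(sysUser);
    }

    // loadUserByUsername(...) is shown in the login part below.
}
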
Four. Mapper (data) layer

<!-- Add a user (insert statement) -->
<insert id="addSysUser">
    insert into sys_user
    values(null,#{username},#{password})
</insert>

Part Two: at login, the password entered by the user is encrypted (password comparison)

1. security.xml configuration file (configure the encryption method)

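<!-- Configure the authentication information (username and password) -->
<security:authentication-manager>
     <!-- Get the password from the database; the ref must match the bean name of the user service -->
     <security:authentication-provider user-service-ref="sysUserService">
           <!-- Specify the encryption method (must be the same one used when storing) -->
           <security:password-encoder ref="passwordEncoder" />
     </security:authentication-provider>
</security:authentication-manager>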

2. Service layer (query the user's information by username)

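import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service("sysUserService")
public class SysUserServiceImpl implements SysUserService {

    @Autowired
    private SysUserMapper sysUserMapper;

    // addSysUser(...) is shown in part one.

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Call the DAO and look the user up by username.
        SysUser sysUser = sysUserMapper.findUserByUserName(username);
        if (sysUser == null) {
            // Unknown user: throw instead of dereferencing null below.
            throw new UsernameNotFoundException("User not found");
        }

        // Build the values for the UserDetails implementation that is returned.
        List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();

        // Add the role information.
        grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER"));

        // Give the User its username and password (note: no {noop} prefix on the password).
        User user = new User(username, sysUser.getPassword(), grantedAuthorityList);
        return user;
    }
}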

3. Mapper layer

<!-- Query the account information by username. -->
<select id="findUserByUserName" resultType="SysUser">
     select * from sys_user
     where username=#{username}
</select>
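
The following added example (not from the original article) shows why the login side must go through the same passwordEncoder instead of comparing strings: BCryptPasswordEncoder produces a salted one-way hash, so encoding the same password twice gives different values, and verification is done by matches(). The class name BcryptMatchDemo, the parse helper and the sample password are assumptions made for illustration; the code needs spring-security-crypto and its commons-logging dependency on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptMatchDemo {

    // Hypothetical helper: splits "$2a$10$<22-char salt><31-char hash>" into its parts.
    static String[] parse(String encoded) {
        String[] f = encoded.split("\\$");   // ["", version, cost, salt + hash]
        if (f.length != 4 || f[3].length() != 53) {
            throw new IllegalArgumentException("not a bcrypt value");
        }
        return new String[] { f[1], f[2], f[3].substring(0, 22), f[3].substring(22) };
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(); // default strength 10
        String raw = "S3cret-demo-pw";  // constructed sample password

        // What addSysUser() stores: two encodings of the same password differ,
        // because every encode() call generates a fresh random salt.
        String stored = encoder.encode(raw);
        String again = encoder.encode(raw);
        System.out.println("stored : " + stored);
        System.out.println("again  : " + again);
        System.out.println("equal strings? " + stored.equals(again));

        // The version, cost and salt travel inside the stored value itself.
        String[] p = parse(stored);
        System.out.printf("version=%s cost=%s salt=%s hash=%s%n", p[0], p[1], p[2], p[3]);

        // What the authentication provider does at login: matches() re-hashes the
        // submitted password with the salt and cost read from the stored value.
        System.out.println("correct password : " + encoder.matches(raw, stored));
        System.out.println("wrong password   : " + encoder.matches("wrong-pw", stored));
        System.out.println("second encoding  : " + encoder.matches(raw, again));

        // A row that still holds plain text does not look like bcrypt and is
        // rejected rather than compared as text.
        System.out.println("plain-text row   : " + encoder.matches(raw, raw));
    }
}
```

Because the salt is random, a query such as "where password = encode(input)" can never find the row; the stored value has to be loaded by username and checked with matches(), which is what the configuration in part two does.
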
Origin blog.csdn.net/qq_42986107/article/details/84867587