MD5 Salted Hashing

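Why hash passwords?

If your database stores passwords in plaintext and an attack on it leaks its contents, the passwords are exposed directly. Once the passwords are hashed, someone who obtains your database data will have a harder time recovering them.

First, add the dependencies to pom.xml: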

        <!-- MD5 salted hashing -->
        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
        </dependency>
        <!-- MD5 salted hashing -->

Front-end hashing:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"
      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
>
<head>
    <meta charset="UTF-8">
    <title>注册</title>
    <link th:href="@{/css/bootstrap.min.css}" rel="stylesheet"/>
</head>
<body>
<div class="container" style="text-align:center;margin-top:50px;">
    <div class="row col-md-6 col-md-offset-3">
        <div class="panel panel-default">
            <div class="panel-heading" th:text="${title}">注册页面</div>
            <div class="panel-body">
                <form id="registerForm"  th:action="@{/register}" th:object="${user}" method="post">
                    <div class="input-group">
                        <span class="input-group-addon">username</span>
                        <!-- <input     id="username" type="text" name="username" class="form-control" placeholder="用户名"> -->
                        <input id="username" type="text" th:field="*{username}" class="form-control" placeholder="用户名" >
                    </div>
                    <div><span th:if="${#fields.hasErrors('username')}" th:errors="*{username}" style="color:red;"></span></div>
                    <br>
                    <div class="input-group">
                        <span class="input-group-addon">password</span>
                        <!-- <input id="password" type="password" name="password" class="form-control" placeholder="密码"> -->
                        <!-- <input id="password" type="password" th:field="*{password}" class="form-control" placeholder="密码" >-->
                        <input id="password" type="password" name="password" class="form-control" placeholder="密码" >
                    </div>
                    <div><span th:if="${#fields.hasErrors('password')}" th:errors="*{password}" style="color:red;"></span></div>
                    <br>
                    <div class="input-group">
                        <span class="input-group-addon">re-password</span>
                        <!-- <input id="repassword" type="password" name="repassword" class="form-control" placeholder="确认密码"> -->
                        <input id="repassword" type="password" th:field="*{repassword}" class="form-control" placeholder="确认密码" >
                    </div>
                    <br>
                    <button type="submit" class="btn btn-primary register-btn">注册</button>
                    <button type="reset" class="btn btn-warning">重置</button>
                </form>
            </div>
        </div>
    </div>
</div>
<script th:src="@{/js/jquery-3.1.1.js}"></script>
<script th:src="@{/js/jquery.validate.min.js}"></script>
<script th:src="@{/js/additional-methods.min.js}"></script>
<script th:src="@{/js/messages_zh.min.js}"></script>
<script th:src="@{/js/jquery.md5.js}"></script>
<script type="text/javascript">
    $("#registerForm").validate({ // the front end uses jQuery form validation for some simple input checks
        rules: {
            username: "required",
            password: {
                required: true,
                minlength:4
            },
            repassword:{
                equalTo: "#password"
            }
        },
        submitHandler: function(form) {
            var salt = 'springboot';
            var newPassword = $.md5($("#password").val()+salt); // salted MD5 hash
            $("#password").val(newPassword);
            form.submit();
        }
    });

</script>
</body>
</html>
register.html

On the back end, write a utility class for MD5 salted hashing:

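import org.apache.commons.codec.digest.DigestUtils;

public class MD5Util {
    // Fixed salt, the same value register.html uses on the front end
    public static String salt = "springboot";

    // Hex-encoded MD5 digest of the input string
    public static String md5(String str){
       return DigestUtils.md5Hex(str);
    }

    // The front end applies one salted hash and the back end applies another,
    // so at login two salted hashes are needed to match the stored value

    // First hash
    public static String inputToBack(String str){
        return md5(str+salt);
    }

    // Second hash
    public static String backToDb(String str,String dbsalt){
        return md5(str+dbsalt);
    }

    // After both hashes, compare with the value in the database; if they are equal, the entered password is correct
    public static String inputToDb(String str,String dbsalt){
       return backToDb(inputToBack(str),dbsalt);
    }

}

The back-end controller class: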

@Controller
public class RegisterController {

    private static Logger log = LoggerFactory.getLogger(RegisterController.class);

    @Autowired
    public UserService userService;

    @RequestMapping(value="/reg", method=RequestMethod.GET)
    public String toRegister(Model model){
        model.addAttribute("user",new User());
        return "register";
    }

    @RequestMapping(value="/register", method=RequestMethod.POST)
    public ModelAndView register(@ModelAttribute(value="user") @Valid User user, BindingResult bindingResult){
        // Log only the username; the submitted password value is kept out of the logs
        log.info("username="+user.getUsername());
        if(bindingResult.hasErrors()){
            return new ModelAndView("register");
        }
        // The salt to add
        String salt = "spring";
        String newPassword = MD5Util.backToDb(user.getPassword(), salt);
        user.setId(2018);
        user.setPassword(newPassword);
        user.setDbflag(salt);
        userService.register(user);
        return new ModelAndView("register");
    }
}
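
The controller above stores md5(front-end digest + "spring") with the same salt for every user, so two accounts with the same password end up with the same database value, and a single MD5 round is cheap to guess against offline. The following is an added example, not the author's code, that puts that scheme next to a per-user random salt with PBKDF2-HMAC-SHA256 from the JDK (a substituted technique, not what the page uses). The class name, the sample password and the iteration count are assumptions.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageDemo { // hypothetical class, not part of the page's project
    static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware

    // The page's scheme: hex-encoded md5(value + salt)
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // Fresh 16-byte random salt, generated once per user and stored beside the hash
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Slow salted derivation (PBKDF2-HMAC-SHA256, 256-bit output)
    static byte[] derive(String value, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(value.toCharArray(), salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Login check: recompute with the stored salt, compare in constant time
    static boolean verify(String value, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(derive(value, salt), stored);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two users choose the same password; this is what the form submits
        String submitted = md5Hex("correct horse" + "springboot");

        // Fixed salt "spring" as in RegisterController: both rows hold the same value
        String rowA = md5Hex(submitted + "spring"), rowB = md5Hex(submitted + "spring");
        System.out.println("fixed salt, rows identical:    " + rowA.equals(rowB));

        // Per-user salt: same password, different stored values
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] hashA = derive(submitted, saltA), hashB = derive(submitted, saltB);
        System.out.println("per-user salt, rows identical: " + MessageDigest.isEqual(hashA, hashB));
        System.out.println("correct login: " + verify(submitted, saltA, hashA));
        System.out.println("wrong login:   " + verify(md5Hex("guess" + "springboot"), saltA, hashA));
    }
}
```

In a Spring application the same result is usually obtained through a Spring Security `PasswordEncoder` such as `BCryptPasswordEncoder`, which generates and stores the per-user salt itself.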

 

posted @ 2021-05-20 20:20  MyNorth