如何在java Struts2中加密和解密用户ID和密码

时间:2015-04-14 08:32:15

标签: java http https

我已经对密码和用户ID做了加密处理,密码以哈希值的形式保存在数据库中;但是在篡改数据(Tamper Data)工具输出的请求中,我看不到加密后的密码和用户ID。出于安全目的,我希望请求中的密码和用户ID也是加密的。

 /**
  * Looks up the submitted user id in {@code user_master}, compares the stored
  * {@code login_password} with the hash of the submitted password, and on a
  * match fills a {@code UserBean} with the user's details.
  *
  * <p>The listing is cut off before the {@code try} block closes, so the return
  * value, the handling of an unknown user id, and the closing of the JDBC
  * resources are not visible here.
  *
  * <p>NOTE(review): the password is hashed in this method, i.e. after it has
  * been received. Nothing in these lines changes how the user id and password
  * appear in the HTTP request itself; presumably that has to be handled by the
  * transport (HTTPS) - confirm against the deployment.
  *
  * @throws Exception {@code DuplicateException} when the password hash does not
  *     match, {@code DuplicateUserTypeException} for user types "S" and "A",
  *     plus whatever the JDBC calls and {@code getHashedPassword} raise
  */
 public boolean isLoginValid() throws Exception {
    Connection con = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    // userType, i and mm are not used anywhere in the lines shown.
    String userType = "";
    int i = 1;
    boolean mm = false;
    try {
        con = ConnectionDB.createConnection();

        // The user id is bound as a parameter (?), not concatenated into the SQL text.
        // A scrollable, updatable result set is requested although the lines shown
        // only call next() and getString().
        // NOTE(review): lock_status is selected but never read in the lines shown -
        // confirm that locked accounts are rejected further down.
        pstmt = con.prepareStatement("SELECT user_id,login_password, IFNULL(mdlname, '') mdlname, IFNULL(surname, '') surname, " +
                "user_name,USER_TYPE,lock_status, CURDATE() as cdate FROM user_master WHERE user_id = ? " +
                "and deleted_status=0", ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_UPDATABLE);
        pstmt.setString(1, this.getUserid());
        rs = pstmt.executeQuery();
        if (rs.next()) {
            // Not used in the lines shown. Note that "hh" is the 12-hour clock field;
            // "HH" is the 24-hour one.
            SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");

            // Compare the stored value with the hash of the submitted password.
            // NOTE(review): String.equals returns at the first differing character;
            // MessageDigest.isEqual on the raw bytes is the constant-time alternative.
            // NOTE(review): if login_password can be NULL in the table, getString
            // returns null and this line throws NullPointerException - confirm.
            if (!rs.getString("login_password").equals(getHashedPassword(this.getPassword()))) {

                throw new DuplicateException("UserID / Password You entered is incorrect.");
            }
            String loginTime = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT).format(new Date());
            UserBean ObjUserBean = new UserBean();
            ObjUserBean.setLoginName(this.getUserid().trim().toUpperCase());
            // NOTE(review): replaceAll takes a regex, and "$" is the end-of-input
            // anchor, so this appends a space (removed again by trim()) instead of
            // replacing literal dollar signs; replace("$", " ") would do the latter.
            ObjUserBean.setUserName(rs.getString("user_name").replaceAll("$", " ").trim());

            ObjUserBean.setServerdate(rs.getString("cdate").trim());
            System.out.println("Server Date : " + ObjUserBean.getServerdate());
            ObjUserBean.setUserid(this.getUserid().trim());
            ObjUserBean.setTxtMdlName(rs.getString("mdlname").trim());
            ObjUserBean.setTxtSurName(rs.getString("surname").trim());

            // User types "S" and "A" are refused with the same message as a wrong
            // password, so the response does not reveal which check failed.
            // "N" becomes "Online User"; every other value becomes "Offline User".
            if (rs.getString("USER_TYPE").equals("S")) {
                throw new DuplicateUserTypeException("UserID / Password You entered is incorrect.");
            } else if (rs.getString("USER_TYPE").equals("A")) {
                throw new DuplicateUserTypeException("UserID / Password You entered is incorrect.");
            } else if (rs.getString("USER_TYPE").equals("N")) {
                ObjUserBean.setRoleName("Online User");
            } else {
                ObjUserBean.setRoleName("Offline User");
            }
            ObjUserBean.setLoginDate(loginTime);
            ObjUserBean.setUserInfo();

HashCode方法

 /**
  * Returns the SHA-1 digest of the UTF-8 bytes of {@code pstrPassword}, written as
  * lowercase hexadecimal text.
  *
  * <p>NOTE(review): each byte is rendered with {@code Integer.toHexString}, which does
  * not zero-pad. A byte below 0x10 contributes one character instead of two, so the
  * result can be shorter than 40 characters and different digests can produce the
  * same string. The output is kept as-is because values already stored with this
  * method must still compare equal.
  *
  * <p>NOTE(review): one unsalted SHA-1 pass is fast to compute and identical for
  * identical passwords, which makes stored values cheap to guess offline. Password
  * storage normally uses a salted, deliberately slow function (PBKDF2, bcrypt,
  * scrypt, Argon2); moving to one requires re-hashing each account at its next
  * successful login.
  *
  * @param pstrPassword the password text to hash; must not be null
  * @return the digest as unpadded lowercase hex
  * @throws Exception if SHA-1 or the UTF-8 charset is unavailable
  */
 public String getHashedPassword(String pstrPassword) throws Exception {
     // Both checked exceptions propagate unchanged through "throws Exception".
     MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
     byte[] digest = sha1.digest(pstrPassword.getBytes("UTF-8"));

     StringBuilder hex = new StringBuilder();
     for (byte b : digest) {
         // Mask to 0..255 so negative bytes do not sign-extend into "ffffff..".
         hex.append(Integer.toHexString(b & 0xff));
     }
     return hex.toString();
 }
