若依项目实现手机号+密码登录且密码验证为自定义加密方式 |
您所在的位置:网站首页 › 微信语音信息加密了怎样解密登录 › 若依项目实现手机号+密码登录且密码验证为自定义加密方式 |
若依项目实现手机号+密码登录且密码验证为自定义加密方式
|
由于使用若依后台管理系统需要匹配其它平台使用同一套数据库,故需要有相同的加密解密方式,下面分享使用手机号+密码登录且加密解密方式为AES的实现代码。 总体的实现思路是先将若依设置为免密登录,即不使用若依自带的加密解密方式,然后再加入AES方式 修改身份认证接口在SecurityConfig.java文件中找到身份认证接口函数做下述修改 /** * 身份认证接口 */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //添加自己的身份验证类,userDetailsService这个可以自己在重新定义根据那个字段验证用户存在与否 auth.authenticationProvider(new CustomLoginAuthenticationProvider(userDetailsService)); auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); } SysLoginController.java这里重新链接一下要使用的登录验证函数 @Autowired private ILoginService LoginService; /** * 登录方法 * * @param loginBody 登录信息 * @return 结果 * @throws Exception */ @PostMapping("/login") public AjaxResult login(@RequestBody LoginBody loginBody) throws Exception { AjaxResult ajax = AjaxResult.success(); //注意此处调用了LoginService.loginByMobile,需要自己添加 String token = LoginService.loginByMobile(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), loginBody.getUuid()); ajax.put(Constants.TOKEN, token); return ajax; } ILoginService.java package com.ruoyi.framework.web.service; /** * @DESCRIPTION 手机号关于登录接口 * @author cy * @date 2021-11-3 19:56 */ public interface ILoginService { String loginByMobile(String username, String password, String code, String uuid) throws Exception; } LoginServiceImpl.java此文件是实现的关键 package com.ruoyi.framework.web.service; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.ruoyi.common.constant.Constants; import com.ruoyi.common.core.domain.entity.SysUser; import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.core.redis.RedisCache; import com.ruoyi.common.exception.CustomException; import com.ruoyi.common.exception.user.CaptchaException; import com.ruoyi.common.exception.user.CaptchaExpireException; import com.ruoyi.common.exception.user.UserPasswordNotMatchException; import com.ruoyi.common.utils.MessageUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.framework.manager.AsyncManager; import com.ruoyi.framework.manager.factory.AsyncFactory; import com.ruoyi.system.service.ISysUserService; import com.ruoyi.web.controller.tool.AESForNodejs; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.stereotype.Service; import javax.annotation.Resource; /** * @description: 手机号关于登录接口 * @author: cy * @date: 2021-11-03 20:12 */ @Service public class LoginServiceImpl implements ILoginService { private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class); @Autowired private TokenService tokenService; @Resource private AuthenticationManager authenticationManager; @Autowired private ISysUserService userService; @Autowired private RedisCache redisCache; /** * 免密常量 */ public static final String CUSTOM_LOGIN_SMS = "CUSTOM_LOGIN_SMS"; /** * @Description 手机号+密码登录 * @author cy * @date 2021-11-03 20:32 * @return java.lang.String * @throws Exception */ public String loginByMobile(String account, String password, String code, String uuid) throws Exception{ String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid; String captcha = redisCache.getCacheObject(verifyKey); redisCache.deleteObject(verifyKey); //校验验证码是否正确 if (captcha == null) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(account, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"))); throw new CaptchaExpireException(); } if (!code.equalsIgnoreCase(captcha)) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(account, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"))); throw new CaptchaException(); } //通过手机号或许数据库中储存的用户信息 SysUser user = userService.selectUserByAccount(account); if (StringUtils.isNull(user)) { log.info("登录用户:{} 不存在.", account); return loginVerify(account,Constants.LOGIN_FAIL); } //解密,判断与数据库中储存的密码是否相同,此处使用AES进行加密解密 String db_password = AESForNodejs.decrypt(user.getPassword()); if(!db_password.equals(password)) { log.info("登录用户:{} 密码错误.", account); return loginVerify(account,Constants.LOGIN_FAIL); } //TODO 2、用户验证 return loginVerify(account,Constants.CUSTOM_LOGIN_SMS); } /** * @Description 登录验证 * @author cy * @date 2021-11-03 20:45 * @param userName 用户名 * @param passWord 密码 * @return java.lang.String */ private String loginVerify(String userName,String passWord) { //TODO 1、用户验证 Authentication authentication = null; try { //TODO 1.1该方法会去调用UserDetailsServiceImpl.loadUserByUsername authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(userName, passWord)); } catch (Exception e) { if (e instanceof BadCredentialsException) { AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"))); throw new UserPasswordNotMatchException(); } else { AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGIN_FAIL, e.getMessage())); throw new CustomException(e.getMessage()); } } AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"))); LoginUser loginUser = (LoginUser) authentication.getPrincipal(); //TODO 2、生成token return tokenService.createToken(loginUser); } }①由于在LoginServiceImpl.java文件中定义了免密常量,所以需要在Constants文件中增加免密常量 ②由于在LoginServiceImpl.java文件中使用了自定义的AES解密方式,所以需要定义该类 AESForNodejs.java package com.ruoyi.web.controller.tool; import java.security.MessageDigest; import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; /** * AES加密,与Nodejs 保持一致 * @author lmiky * @date 2014-2-25 */ public class AESForNodejs { public static final String DEFAULT_CODING = "utf-8"; /** * 解密 * @author lmiky * @date 2014-2-25 * @param encrypted * @param seed * @return * @throws Exception */ public static String decrypt(String encrypted) throws Exception { String seed = "1234567887654321"; byte[] keyb = seed.getBytes(DEFAULT_CODING); MessageDigest md = MessageDigest.getInstance("MD5"); byte[] thedigest = md.digest(keyb); SecretKeySpec skey = new SecretKeySpec(thedigest, "AES"); Cipher dcipher = Cipher.getInstance("AES"); dcipher.init(Cipher.DECRYPT_MODE, skey); byte[] clearbyte = dcipher.doFinal(toByte(encrypted)); return new String(clearbyte); } /** * 加密 * @author lmiky * @date 2014-2-25 * @param content * @param key * @return * @throws Exception */ public static String encrypt(String content) throws Exception { String key = "1234567887654321"; byte[] input = content.getBytes(DEFAULT_CODING); MessageDigest md = MessageDigest.getInstance("MD5"); byte[] thedigest = md.digest(key.getBytes(DEFAULT_CODING)); SecretKeySpec skc = new SecretKeySpec(thedigest, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skc); byte[] cipherText = new byte[cipher.getOutputSize(input.length)]; int ctLength = cipher.update(input, 0, input.length, cipherText, 0); ctLength += cipher.doFinal(cipherText, ctLength); return parseByte2HexStr(cipherText); } /** * 字符串转字节数组 * @author lmiky * @date 2014-2-25 * @param hexString * @return */ private static byte[] toByte(String hexString) { int len = hexString.length() / 2; byte[] result = new byte[len]; for (int i = 0; i |
【本文地址】