學(xué)習(xí)基于ssm框架前后端分離實(shí)現(xiàn)注冊登錄MD5加密的心得體會

1.什么是MD5加密

MD5概述：

MD5消息摘要算法，屬Hash算法一類。MD5算法對輸入任意長度的消息進(jìn)行運(yùn)行，產(chǎn)生一個(gè)128位的消息摘要(32位的數(shù)字字母混合碼)。

在這我就不細(xì)探究算法了，學(xué)會運(yùn)用這個(gè)工具類就行，詳細(xì)講解參考

2.所需依賴

        <dependency>
            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.6</version>
        </dependency>

3.工具類MD5Util

創(chuàng)建一個(gè)utils包

創(chuàng)建Md5Util類

package com.wjk.utils;

import org.apache.commons.codec.digest.DigestUtils;

public class Md5Util {

    // 實(shí)現(xiàn)一個(gè)md5加解密

    public final static String md5Key = "lalalalall";

    /**
     *
     * @param strPwd 明文密碼
     * @param
     * @return 密文
     * @throws Exception
     */
    //用于注冊時(shí)對密碼進(jìn)行加密
    public static String md5(String strPwd,String Key) throws Exception{
        // 獲取加密后的字符串
        String encodeStr = DigestUtils.md5Hex(strPwd + Key);
        return encodeStr;
    }

    /**
     * 用戶登錄，密碼驗(yàn)證
     * @param pwdStr 明文字符串
     * @param md5 密文字符串
     * @return
     */
    public static boolean passwordVerify(String pwdStr,String md5,String key) throws Exception {
        //在該方法中，不需要在外面做密碼加密，登錄時(shí)獲取到當(dāng)前用戶輸入的密碼，在方法里進(jìn)行加密
        String md5Pwd= md5(pwdStr,key);
        System.out.println(md5Pwd);
        if (md5Pwd.equalsIgnoreCase(md5)){
            return true;
        }
        return false;
    }


}

4.mapper類

package com.wjk.mapper;

import com.wjk.entity.Account;
import org.apache.ibatis.annotations.*;
import org.springframework.stereotype.Component;

import java.util.List;
@Component
public interface AccountMapper {

    @Select("select * from account")
    @Results({
            @Result(property = "accountId",column = "account_id"),
            @Result(property = "accountName",column = "account_name"),
            @Result(property = "passWord",column = "password"),
            @Result(property = "createTime",column = "create_time"),
            @Result(property = "updateTime",column = "update_time")
    })
    List<Account> selectAccount();
    //新賬戶注冊
    @Insert("insert into account(account_name,password,create_time,update_time) values (#{accountName},#{passWord},#{createTime},#{updateTime}) ")
    int insertAccount(Account account);

    //通過accountName查詢用戶信息，用于登錄驗(yàn)證
    @Select("select * from account where account_name = #{accountName}")
    @Results({
            @Result(property = "accountId",column = "account_id"),
            @Result(property = "accountName",column = "account_name"),
            @Result(property = "passWord",column = "password"),
            @Result(property = "createTime",column = "create_time"),
            @Result(property = "updateTime",column = "update_time")
    })
   Account selectAccountByName(String accountName);
}

5.service類

package com.wjk.service;

import com.wjk.entity.Account;

import java.util.List;

public interface AccountService {

    List<Account> findAccount();
    //新賬戶注冊
    int addAcount(Account account);
    //通過accountName查詢用戶信息，用于登錄驗(yàn)證
    Account findAccountByName(String accountName);
}

serviceImpl

package com.wjk.service.Impl;

import com.wjk.entity.Account;
import com.wjk.mapper.AccountMapper;
import com.wjk.service.AccountService;
import com.wjk.utils.Md5Util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import javax.annotation.Resource;
import java.util.List;

@Service
public class AccountServiceImpl implements AccountService {

    @Autowired
    private AccountMapper accountMapper;

//通過accountName查詢用戶信息，用于登錄驗(yàn)證
    @Override
    public List<Account> findAccount() {
        return accountMapper.selectAccount();
    }

    @Override
    public Account findAccountByName(String accountName) {
        return accountMapper.selectAccountByName(accountName);
    }

    //新賬戶注冊
    @Override
    public int addAcount(Account account) {
        return accountMapper.insertAccount(account);
    }

}

6.controller

package com.wjk.controller;

import com.wjk.config.result.R;
import com.wjk.entity.Account;
import com.wjk.service.AccountService;
import com.wjk.service.Impl.AccountServiceImpl;
import com.wjk.utils.JwtTokenUtil;
import com.wjk.utils.Md5Util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
import java.util.Map;

@RestController
@RequestMapping("/account")
public class AccountController {

    @Autowired
    private AccountServiceImpl accountServiceImpl;
    //登錄
    @PostMapping("/login")
    public R login(@RequestBody Account request, HttpServletResponse response) throws Exception {
        //登錄應(yīng)該先通過輸入的用戶名在數(shù)據(jù)庫中查找用戶信息，如果不為空才進(jìn)行后面的邏輯
        Account account = accountServiceImpl.findAccountByName(request.getAccountName());
        System.out.println(account);
        if(account!=null){
            System.out.println(1);
            //開始校驗(yàn)密碼
            String ps = request.getPassWord();
            System.out.println(ps);
            boolean result = Md5Util.passwordVerify(ps,account.getPassWord(),Md5Util.md5Key);
//            System.out.println(Md5Util.md5(ps));
            if(result){
                System.out.println(2);
                //如果密碼賬戶都校驗(yàn)成功，則獲取token
                System.out.println(account.getAccountId());
                String token = JwtTokenUtil.buildJwt(account.getAccountName(),account.getAccountId());
                System.out.println(token);
                //將token寫入響應(yīng)頭中存放到cookie中
                response.addHeader("Authorization","Bearer" + token);
                response.setContentType("application/json;charset=utf-8");
                if(token!=null){
                    System.out.println(3);
                    //如果token不等于空則存放到cookie中
                    Cookie cookie = new Cookie("TOKEN",token);
                    //設(shè)置token有效時(shí)間
                    cookie.setMaxAge(3600);
                    cookie.setPath("/");
                    response.addCookie(cookie);
                }
                return R.Success("token的值：" + token);
            }
            System.out.println(5);
        }

        return R.Failed("登錄失?。?);
    }

    //注冊
  @RequestMapping(value = "/registe",method = RequestMethod.GET)
    public R registe(String accountName,String passWord){
        //在用戶輸入賬號密碼后對數(shù)據(jù)庫中已存在的用戶信息進(jìn)行校驗(yàn)該用戶名是否存在
        //通過輸入的用戶名查找用戶信息放入account
        Account account = accountServiceImpl.findAccountByName(accountName);
        //判斷是否為空，如果為空則進(jìn)行存入數(shù)據(jù)庫
        if(account == null){
            try {
                //對輸入的密碼進(jìn)行加密
                String inputPassword = Md5Util.md5(passWord,Md5Util.md5Key);
                Account account1 = new Account();
                Date currenTime = new Date();
                account1.setAccountName(accountName);
                account1.setPassWord(inputPassword);
                account1.setCreateTime(currenTime);
                account1.setUpdateTime(currenTime);
                int result = accountServiceImpl.addAcount(account1);
                System.out.println(result);
                return R.Success("注冊成功");
            } catch (Exception e) {
                e.printStackTrace();
                return R.Failed("注冊失敗");
            }
        }
        return R.Failed("失敗");

    }

}

7.利用postman工具測試結(jié)果

8.心得體會

在注冊時(shí)，用戶輸入用戶名和密碼后，后臺通過輸入的賬戶去數(shù)據(jù)庫查詢有無相同的用戶名，沒有則將密碼進(jìn)行加密后存進(jìn)數(shù)據(jù)庫，登錄時(shí)，用戶輸入用戶名和密碼，同樣，先將輸入的用戶名拿去數(shù)據(jù)庫進(jìn)行查詢用戶信息是否為空，如果存在該用戶，則將用戶輸入的密碼進(jìn)行加密后，再與注冊時(shí)加密的密碼進(jìn)行對比，若相同則登錄成功。在看似簡單的流程中，我卻犯了一個(gè)錯(cuò)，那就是邏輯不清晰，一會在service里進(jìn)行加密邏輯處理，一會又在controller里進(jìn)行，這導(dǎo)致了中間某個(gè)過程密碼加密了多次，然后登陸時(shí)加密的密碼就不與注冊時(shí)加密的密碼匹配，困擾了我很久很久，所以一定要邏輯清晰，建議還是在service里進(jìn)行邏輯處理，最后祝大家打代碼不報(bào)錯(cuò)并感謝各位大佬能提出寶貴意見