SpringBoot项目总结--(1)字段校验与加密
2017-10-03 21:49
一、多字段校验
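提供 Validator 的实现类，并实现 Validator 接口的 supports 和 validate 方法。supports 方法用于判断当前类是不是需要校验的类；只有当 supports 返回 true 时，validate 方法才会执行校验。注意：下面的实现在校验失败时直接抛出 BadRequestException，而不是按 Spring 的约定把错误写入 Errors，因此每次请求只会报告第一个错误。
/**
 * Spring {@link Validator} for {@link UserDTO}: requires both phone and
 * password to be present, the phone to match an 11-digit "1xxxxxxxxxx"
 * pattern and the password length to lie within fixed bounds.
 *
 * <p>NOTE(review): this validator does not report problems through
 * {@link Errors} as Spring validators normally do; it throws
 * {@link BadRequestException} on the first failing check, so the
 * {@code BindingResult} stays empty and only one problem is reported per
 * request. That is the original behaviour and is preserved here.
 */
public class UserDTOValidator implements Validator {

    /** Regex for an accepted phone number: the digit 1 followed by exactly ten digits. */
    static final String PHONE_REGEX = "1[0-9]{10}";

    /** Compiled once; the original re-compiled the regex on every validate() call. */
    private static final Pattern PHONE_PATTERN = Pattern.compile(PHONE_REGEX);

    /** Inclusive password length bounds, as in the original check. */
    private static final int MIN_PASSWORD_LENGTH = 6;
    /**
     * NOTE(review): an upper bound of 11 characters is unusually low for a
     * password (NIST SP 800-63B asks for at least 64 to be accepted). Kept as
     * in the original; revisit the policy rather than the validator.
     */
    private static final int MAX_PASSWORD_LENGTH = 11;

    /**
     * Only {@link UserDTO} instances are handled by this validator.
     *
     * @param clazz the candidate class
     * @return true iff {@code clazz} is exactly {@code UserDTO}
     */
    @Override
    public boolean supports(Class<?> clazz) {
        return UserDTO.class.equals(clazz);
    }

    /**
     * Validates a {@link UserDTO}. Throws on the first failing check; the
     * {@code errors} argument is never written to (see class comment).
     *
     * @param target the object to validate; must be a {@link UserDTO}
     * @param errors unused
     * @throws BadRequestException if phone or password is missing, the phone
     *                             does not match {@link #PHONE_REGEX}, or the
     *                             password length is out of bounds
     */
    @Override
    public void validate(Object target, Errors errors) {
        UserDTO userDTO = (UserDTO) target;
        String phone = userDTO.getPhone();
        String password = userDTO.getPassword();

        if (phone == null || password == null) {
            throw new BadRequestException(ErrorType.ILLEGAL_ARGUMENT, "不合法的用户名或密码");
        }
        // matcher().matches() anchors the whole input, same as Pattern.matches(regex, input).
        if (!PHONE_PATTERN.matcher(phone).matches()) {
            throw new BadRequestException(ErrorType.ILLEGAL_ARGUMENT, "不合法的用户名");
        }
        int length = password.length();
        if (length < MIN_PASSWORD_LENGTH || length > MAX_PASSWORD_LENGTH) {
            throw new BadRequestException(ErrorType.ILLEGAL_ARGUMENT, "不合法的密码");
        }
    }
}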
Controller 层通过 @InitBinder 设置 DataBinder，把上面的 Validator 注册到 "userDTO" 参数的绑定器上：
/**
 * Registers {@link UserDTOValidator} on the data binder Spring creates for
 * the "userDTO" request argument, so that a {@code @Valid UserDTO} parameter
 * is run through it.
 *
 * @param binder the binder for the "userDTO" model attribute
 */
@InitBinder("userDTO")
protected void initUserDTOBinder(WebDataBinder binder) {
    UserDTOValidator userValidator = new UserDTOValidator();
    binder.addValidators(userValidator);
}
在 Controller 方法参数上加 @Valid 注解，请求体绑定完成后即触发上面注册的 Validator：
public void addUser(@RequestBody @Valid UserDTO userDTO, HttpSession session)
二、SecureRandom和PBKDF2加密
SecureRandom 是密码学安全的强随机数生成器（CSPRNG）。通过无参构造函数创建 SecureRandom 对象，再调用 nextBytes 方法填充指定长度的随机字节。注意：随机字节不能直接用 new String(bytes) 转成字符串——按平台默认字符集解码是有损的，会丢失熵且无法还原为原始字节；应先用 Base64 或十六进制编码再保存。
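/**
 * Generates a random salt and returns it Base64-encoded.
 *
 * <p>The original returned {@code new String(bytes)}. Decoding arbitrary random
 * bytes through the platform default charset is lossy: sequences that are not
 * valid in that charset are replaced by the charset's replacement string, so
 * the stored salt neither keeps all of the generated entropy nor can be turned
 * back into the original bytes. Encoding the bytes (Base64 here) fixes both
 * problems and the value is safe to store in any text column. The default
 * length is kept at 102 bytes as in the original; 16 bytes is the usual
 * minimum for a password salt.
 *
 * @return a Base64 string (no line breaks) encoding 102 random bytes
 */
public static String getRamdomSalt() {
    return getRamdomSalt(102);
}

/**
 * Generates {@code numBytes} random bytes from a cryptographically strong
 * generator and returns them Base64-encoded.
 *
 * @param numBytes number of random bytes to draw; must be positive
 * @return a Base64 string (no line breaks) of the random bytes
 * @throws IllegalArgumentException if {@code numBytes} is not positive
 */
public static String getRamdomSalt(int numBytes) {
    if (numBytes <= 0) {
        throw new IllegalArgumentException("numBytes must be positive, got " + numBytes);
    }
    SecureRandom random = new SecureRandom();
    byte[] bytes = new byte[numBytes];
    random.nextBytes(bytes);
    // Fully qualified so the enclosing file needs no new import.
    return java.util.Base64.getEncoder().encodeToString(bytes);
}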
PBKDF2 密码哈希（注意：PBKDF2 是单向的慢哈希/密钥派生函数，并不是可逆的“加密”；存储口令时保存 iterations:salt:hash，校验时用同样的参数重新计算并做常量时间比较）
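/*
 * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
 * Copyright (c) 2013, Taylor Hornby
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Objects;

/*
 * PBKDF2 salted password hashing.
 * Author: havoc AT defuse.ca
 * www: http://crackstation.net/hashing-security.htm
 *
 * Stored format: "iterations:salt-hex:hash-hex". The iteration count, the salt
 * and the hash length are read back from the stored string when a password is
 * verified, so the size/iteration defaults below only affect NEW hashes.
 */
public class PasswordHash {
    /**
     * PRF used by PBKDF2. Unlike the other constants this is NOT recorded in
     * the stored hash string, so changing it invalidates every existing hash.
     * Moving to "PBKDF2WithHmacSHA256" (the better choice today) needs an
     * algorithm tag in the stored format, or a re-hash on next successful login.
     */
    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";

    // The following constants may be changed without breaking existing hashes.
    public static final int SALT_BYTE_SIZE = 24;
    public static final int HASH_BYTE_SIZE = 24;
    /**
     * Default iteration count for new hashes. The original value (1000) is far
     * below current guidance: the OWASP Password Storage Cheat Sheet lists
     * 1,300,000 iterations for PBKDF2-HMAC-SHA1. 600,000 is used here as a
     * compromise; measure the login latency on the target hardware and raise it
     * over time -- hashes created earlier keep and verify with their own count.
     */
    public static final int PBKDF2_ITERATIONS = 600_000;

    /** Positions of the fields in the "iterations:salt:hash" string. */
    public static final int ITERATION_INDEX = 0;
    public static final int SALT_INDEX = 1;
    public static final int PBKDF2_INDEX = 2;

    /**
     * Returns a salted PBKDF2 hash of the password using {@link #PBKDF2_ITERATIONS}.
     * The temporary char[] copy is wiped afterwards; the String itself cannot be,
     * so prefer the char[] overload where the caller controls the buffer.
     *
     * @param password the password to hash
     * @return "iterations:salt-hex:hash-hex"
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    public static String createHash(String password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        return createHash(password, PBKDF2_ITERATIONS);
    }

    /**
     * Returns a salted PBKDF2 hash of the password with an explicit iteration count.
     *
     * @param password   the password to hash
     * @param iterations PBKDF2 iteration count (slowness factor); must be >= 1
     * @return "iterations:salt-hex:hash-hex"
     * @throws IllegalArgumentException if {@code iterations} is less than 1
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    public static String createHash(String password, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        Objects.requireNonNull(password, "password");
        char[] chars = password.toCharArray();
        try {
            return createHash(chars, iterations);
        } finally {
            Arrays.fill(chars, '\0');
        }
    }

    /**
     * Returns a salted PBKDF2 hash of the password using {@link #PBKDF2_ITERATIONS}.
     *
     * @param password the password to hash; not cleared by this method
     * @return "iterations:salt-hex:hash-hex"
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    public static String createHash(char[] password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        return createHash(password, PBKDF2_ITERATIONS);
    }

    /**
     * Returns a salted PBKDF2 hash of the password with an explicit iteration count.
     * A fresh {@link #SALT_BYTE_SIZE}-byte salt is drawn from {@link SecureRandom}
     * for every call, so hashing the same password twice yields different strings.
     *
     * @param password   the password to hash; not cleared by this method
     * @param iterations PBKDF2 iteration count (slowness factor); must be >= 1
     * @return "iterations:salt-hex:hash-hex"
     * @throws IllegalArgumentException if {@code iterations} is less than 1
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    public static String createHash(char[] password, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        Objects.requireNonNull(password, "password");
        if (iterations < 1) {
            throw new IllegalArgumentException("iterations must be >= 1, got " + iterations);
        }
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[SALT_BYTE_SIZE];
        random.nextBytes(salt);

        byte[] hash = pbkdf2(password, salt, iterations, HASH_BYTE_SIZE);
        return iterations + ":" + toHex(salt) + ":" + toHex(hash);
    }

    /**
     * Validates a password against a stored hash.
     *
     * @param password    the password to check
     * @param correctHash the stored "iterations:salt:hash" string
     * @return true if the password is correct, false if not
     * @throws IllegalArgumentException if {@code correctHash} is malformed
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    public static boolean validatePassword(String password, String correctHash)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        Objects.requireNonNull(password, "password");
        char[] chars = password.toCharArray();
        try {
            return validatePassword(chars, correctHash);
        } finally {
            Arrays.fill(chars, '\0');
        }
    }

    /**
     * Validates a password against a stored hash. The stored string is parsed
     * strictly: anything that is not exactly three ':'-separated fields with a
     * positive numeric iteration count and even-length hex salt/hash is rejected
     * with {@link IllegalArgumentException} instead of leaking an
     * ArrayIndexOutOfBounds/NumberFormatException from the parsing code.
     *
     * @param password    the password to check; not cleared by this method
     * @param correctHash the stored "iterations:salt:hash" string
     * @return true if the password is correct, false if not
     * @throws IllegalArgumentException if {@code correctHash} is malformed
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    public static boolean validatePassword(char[] password, String correctHash)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        Objects.requireNonNull(password, "password");
        Objects.requireNonNull(correctHash, "correctHash");

        String[] params = correctHash.split(":");
        if (params.length != 3) {
            throw new IllegalArgumentException("stored hash must have the form iterations:salt:hash");
        }
        int iterations;
        try {
            iterations = Integer.parseInt(params[ITERATION_INDEX]);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("stored hash has a non-numeric iteration count", e);
        }
        if (iterations < 1) {
            throw new IllegalArgumentException("stored hash iteration count must be >= 1");
        }
        byte[] salt = fromHex(params[SALT_INDEX]);
        byte[] hash = fromHex(params[PBKDF2_INDEX]);
        if (salt.length == 0 || hash.length == 0) {
            throw new IllegalArgumentException("stored hash has an empty salt or hash field");
        }

        // Recompute with the stored salt, iteration count and hash length, then
        // compare in constant time so an on-line attacker learns nothing from
        // response timing.
        byte[] testHash = pbkdf2(password, salt, iterations, hash.length);
        return slowEquals(hash, testHash);
    }

    /**
     * Compares two byte arrays in length-constant time: the loop always runs
     * over the shorter length and folds every byte difference into one
     * accumulator, so the time taken does not depend on where the arrays
     * first differ. A length mismatch is folded in the same way. This is the
     * same contract as {@code MessageDigest.isEqual}, kept inline so the
     * behaviour is visible here.
     *
     * @param a the first byte array
     * @param b the second byte array
     * @return true if both byte arrays are the same, false if not
     */
    private static boolean slowEquals(byte[] a, byte[] b) {
        int diff = a.length ^ b.length;
        for (int i = 0; i < a.length && i < b.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /**
     * Computes the PBKDF2 hash of a password. The provider's internal copy of
     * the password (made by {@link PBEKeySpec}) is cleared after use.
     *
     * @param password   the password to hash
     * @param salt       the salt
     * @param iterations the iteration count (slowness factor)
     * @param bytes      the length of the hash to compute in bytes
     * @return the PBKDF2 hash of the password
     * @throws NoSuchAlgorithmException if {@link #PBKDF2_ALGORITHM} is not available
     * @throws InvalidKeySpecException  if the provider rejects the key spec
     */
    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bytes)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bytes * 8);
        try {
            SecretKeyFactory skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
            return skf.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    /**
     * Converts a string of hexadecimal characters into a byte array.
     *
     * @param hex the hex string; must have even length and only hex digits
     * @return the decoded bytes
     * @throws IllegalArgumentException if the string is not well-formed hex
     */
    private static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) {
            throw new IllegalArgumentException("hex string must have even length");
        }
        byte[] binary = new byte[hex.length() / 2];
        for (int i = 0; i < binary.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("hex string contains a non-hex character");
            }
            binary[i] = (byte) ((hi << 4) | lo);
        }
        return binary;
    }

    /**
     * Converts a byte array into a lowercase hexadecimal string, two characters
     * per byte. Replaces the BigInteger-plus-String.format padding trick of the
     * original with a direct encoding; output for non-empty input is identical.
     *
     * @param array the byte array to convert
     * @return a length*2 character string encoding the byte array
     */
    private static String toHex(byte[] array) {
        StringBuilder out = new StringBuilder(array.length * 2);
        for (byte b : array) {
            out.append(Character.forDigit((b >> 4) & 0xF, 16));
            out.append(Character.forDigit(b & 0xF, 16));
        }
        return out.toString();
    }
}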