前言:密码加密有很多种方案,这里不做过多讨论,本篇文章是基于RSA加密实现。
首先在前端工程中需要引入加密js: "jsencrypt": "2.3.1",(注意单独导入可能报错,可以删除整个node_modules,然后重新npm install)
然后在登陆提交表单的地方代码修改如下:
// 引入jsimport {JSEncrypt} from 'jsencrypt' // 提交表单方法 dataFormSubmit () { this.dataForm.password = this.passwordEncryption(this.dataForm.password + ',' + new Date().getTime()) this.$http({ url: this.$http.adornUrl('/sys/login'), method: 'post', data: this.$http.adornData({ 'username': this.dataForm.userName, 'password': this.dataForm.password, 'uuid': this.dataForm.uuid, 'captcha': this.dataForm.captcha }) }, //密码加密方法 passwordEncryption (passwordUser) { console.log(this.rsaKey + ' ********后台获取公钥********** ') let publicKey = this.rsaKey // 从后台获取公钥 let encryptor = new JSEncrypt() // 新建JSEncrypt对象 encryptor.setPublicKey(publicKey) // 设置公钥 let passwordEncryp = encryptor.encrypt(passwordUser) // 对密码进行加密 console.log(passwordEncryp + ' ****************** ') return passwordEncryp },// 获取公钥的方法getRsaKey () { this.$http({ url: this.$http.adornUrl('/sys/login/rsaKey'), method: 'get' }).then(({data}) => { this.rsaKey = data })}
后端工程代码如下
//controller 密码加密后用密钥解密form.setPassword(AccountSecurityUtils.decrypt(form.getPassword())); //AccountSecurityUtils 工具类
public static final String PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsD1gI70BxYujhNw8NpaVKRXkcRofoeUbN9Dj5m3i3h9XAIS6LkjI01L4ieRpTHnMEzoXUY8a2/svDf//xuHuDJlZBNtCXK4DPx5x4zHdUWDjFGpWlMQzhsqQlfs0tkN5gP095g27L0ki/NrRuBpgxP1q2dHKpL37sBF8XNRpedwIDAQAB"; private static final String PRIVATE_KEY = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKwPWAjvQHFi6OE3Dw2lpUpFeRxGh+h5Rs30OPmbeLeH1cAhLouSMjTUviJ5GlMecwTOhdRjxrb+y8N///G4e4MmVkE20JcrgM/HnHjMd1RYOMUalaUxDOGypCV+zS2Q3mA/T3mDbsvSSL82tG4GmDE/WrZ0cqkvfuwEXxc1Gl53AgMBAAECgYEAogyhgWi0bRYW92Z/yv6julvMQRE8l3sBcJ//uTbwbwqECrw1tkYu+wsTOCyO2pHnCjPoX6zJTziSeMJpMCPsToCm3+EO38Ki/12RSJ51DgSl7C4R8leoFMZAmExQO4L1rVae2dJS80dvfpLeNiquJw4y7xjXIBUYbQfu+mNKHoECQQDic2F3UMm05M1d/POQHqsuMohoDhwVM0N8/SdbA4fpYFFOahMWdmuFclYbkgTwfYBdGMH/UHLsCGWVv8z48jKHAkEAwoMID93DzTsZWqxAoyGDg7GGdNsMPvYErRxwcOVNpdQXv8F7IAXOslLTvJF542dplCCNzLgyupwxMPlMLuZAkQJANpcoHPJt3dz2oTzUnp62F6n49lTIclfsYhpJPYipYBpnH2c0+MpNe1sn5Peblzo6ErdgNSN4wOv5SVN2n2ELywJAGjyiccFwD9bQ7LIfZeG3Y6QmhsylMjjtGIylfhTwDFY3fd4TRZaC8vrJJL5aupnQW/KoLd0KurEm0XxPEmRsgQJARKNghvpoce39bD/BbC2AojY5Ea6afLzW+GllxHGNGkgGu+x3c4PIUDAt8f60021WoENtonEQpEjzbIU5XpefJA=="; /** * 加密数据和秘钥的编码方式 */ public static final String UTF_8 = "UTF-8"; public static final String RSA_ALGORITHM_NO_PADDING = "RSA";
public static String decrypt(String password) { try { String getPass = decryptRSADefault(PRIVATE_KEY, password); String longtime = StringUtils.substringAfterLast(getPass, ","); if ((System.currentTimeMillis() - Long.valueOf(longtime) > 30 * 60 * 1000)) { //抛出自定义异常 throw new MYException("密码超时"); } return StringUtils.substringBeforeLast(getPass, ","); } catch (Exception e) { if (e instanceof MYException) { throw new MYException(e.getMessage()); } log.error("password is :" + password + " 密码解密异常:" + e.getMessage()); } return null; } public static String decryptRSADefault(String privateKeyStr, String data) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM_NO_PADDING); byte[] privateKeyArray = privateKeyStr.getBytes(); byte[] dataArray = data.getBytes(); PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyArray)); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); Cipher cipher = Cipher.getInstance(RSA_ALGORITHM_NO_PADDING); cipher.init(Cipher.DECRYPT_MODE, privateKey); return new String(cipher.doFinal(Base64.decodeBase64(dataArray)), UTF_8); } 相关代码参考博客:https://blog.csdn.net/qq_37346607/article/details/85237368