文章簡介
- 最近公司的一款app需要提供token令牌驗證。本人在使用之後總結了一些經驗,讓後來之人更快地掌握這一技術。
什麼是token?簡單來說,token就相當於酒店的門卡:在門卡的有效期內可以打開該酒店的一間房間。轉回Java,酒店相當於我們的後臺方法,token相當於門卡,在token的有效期內可以訪問後臺中的任意方法。
話不多說先附代碼
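// NOTE(security): the DES key is a literal in source, so everyone with access to
// the code or the built artifact knows it. Load it from protected configuration
// or a secret store instead.
DesUtils des = new DesUtils("leemenz");

/**
 * Login endpoint: looks the user up through
 * {@code userinfoservice.getUserNameBYword(username, userword)} and issues or
 * checks the user's token.
 *
 * <p>A token is the DES-encrypted login timestamp ({@code yyyy-MM-dd HH:mm:ss}).
 * A user without a token receives a fresh one; a user whose stored token is older
 * than 86400 seconds gets code 201 and the stored token is cleared.
 *
 * <p>NOTE(security): the password arrives as a GET query parameter, so it can end
 * up in access logs, proxy logs and browser history. Prefer a POST body over TLS.
 *
 * <p>NOTE(security): the token is a deterministic function of the clock and a
 * fixed key; it contains no user identity and no randomness, so two logins in the
 * same second yield the same token. A random value from {@code SecureRandom},
 * stored server-side together with its expiry, is the safer design.
 *
 * @param username login name
 * @param userword password (presumably checked inside the service; confirm)
 * @return 200 with the user in the list, 201 when the token has expired,
 *         9002 when no user matches (list is {@code null} for 201 and 9002)
 * @throws Exception if the stored token cannot be decrypted or parsed
 */
@RequestMapping(value = "getUserNameBYword", method = RequestMethod.GET)
@ResponseBody
public InterfaceUtil<Userinfo> getuserinfo(@RequestParam(value = "username") String username,
        @RequestParam(value = "userword") String userword) throws Exception {
    SimpleDateFormat fs = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    Date date = new Date();
    List<Userinfo> list = null;

    Userinfo user = userinfoservice.getUserNameBYword(username, userword);
    if (user == null) {
        return new InterfaceUtil<Userinfo>(9002, "用戶名或密碼錯誤", list);
    }

    String storedToken = user.getToken();
    // A token that was never set may be null rather than ""; treat both as
    // "no token yet" instead of failing with a NullPointerException.
    if (storedToken == null || storedToken.equals("")) {
        String token = des.encrypt(fs.format(date));
        user.setToken(token);
        userinfoservice.updateUserinfoBytoken(user);
    } else {
        String jmtoken = des.decrypt(storedToken);
        Date d1 = fs.parse(jmtoken);
        // Round-trip through the formatter to drop the milliseconds, as the
        // issue time stored in the token has second precision.
        Date d2 = fs.parse(fs.format(date));
        long diff = (d2.getTime() - d1.getTime()) / 1000;
        if (diff > 86400) {
            // Older than 24 hours: clear the stored token and report expiry.
            user.setToken("");
            userinfoservice.updateUserinfoBytoken(user);
            return new InterfaceUtil<Userinfo>(201, "認證權限已過期", list);
        }
    }

    // NOTE(review): the whole Userinfo entity is returned to the client; confirm
    // it carries no password or other field that must stay server-side.
    list = new ArrayList<Userinfo>();
    list.add(user);
    // The list always holds exactly one element here, so the former
    // "empty list" error branch (code 9001) could never run and is removed.
    return new InterfaceUtil<Userinfo>(200, "正常應答", list);
}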
其中用到了DES的加密方法
package com.sanfan.utils;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
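/**
 * DES encrypt/decrypt helper that exchanges ciphertext as lowercase hex.
 *
 * <p>NOTE(security): DES has a 56-bit key and is obsolete. The transformation
 * {@code "DES"} leaves mode and padding to the provider default (ECB with
 * PKCS5 padding on the standard JDK provider), which is deterministic and
 * unauthenticated: equal plaintexts give equal ciphertexts and tampering is not
 * detected. The algorithm is kept only so that previously issued values still
 * decrypt; new designs should use an authenticated cipher such as AES-GCM with
 * a randomly generated key, or avoid encrypting tokens at all.
 *
 * <p>Each call builds its own {@link Cipher}, so one instance can be shared
 * between threads (a {@code Cipher} object itself must not be shared).
 */
public class DesUtils {
    // NOTE(security): a built-in fallback key is known to anyone who has the code.
    private static final String defaultSecretKey = "default_secret_key";

    /** Key derived from the secret passed to the constructor. */
    private final Key key;

    /**
     * Creates a helper that uses the built-in default key.
     *
     * @throws Exception kept for source compatibility with existing callers
     */
    public DesUtils() throws Exception {
        this(defaultSecretKey);
    }

    /**
     * Creates a helper for the given secret.
     *
     * @param secretKey secret text; only its first 8 UTF-8 bytes are used
     * @throws IllegalArgumentException if {@code secretKey} is {@code null}
     */
    public DesUtils(String secretKey) {
        // Fail at construction time instead of printing a stack trace and
        // leaving behind an object that throws on first use.
        if (secretKey == null) {
            throw new IllegalArgumentException("secretKey must not be null");
        }
        this.key = getKey(secretKey.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Encrypts text and returns the ciphertext as lowercase hex.
     *
     * @param strIn plaintext, encoded as UTF-8 before encryption
     * @return hex-encoded ciphertext
     * @throws Exception if the cipher is unavailable or encryption fails
     */
    public String encrypt(String strIn) throws Exception {
        return byteArr2HexStr(encrypt(strIn.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Encrypts raw bytes.
     *
     * @param arrB plaintext bytes
     * @return ciphertext bytes
     * @throws Exception if the cipher is unavailable or encryption fails
     */
    public byte[] encrypt(byte[] arrB) throws Exception {
        return newCipher(Cipher.ENCRYPT_MODE).doFinal(arrB);
    }

    /**
     * Decrypts hex-encoded ciphertext back to text.
     *
     * @param strIn hex string as produced by {@link #encrypt(String)}
     * @return plaintext decoded as UTF-8
     * @throws Exception if the hex is malformed or decryption fails
     */
    public String decrypt(String strIn) throws Exception {
        return new String(decrypt(hexStr2ByteArr(strIn)), StandardCharsets.UTF_8);
    }

    /**
     * Decrypts raw bytes.
     *
     * @param arrB ciphertext bytes
     * @return plaintext bytes
     * @throws Exception if the cipher is unavailable or decryption fails
     */
    public byte[] decrypt(byte[] arrB) throws Exception {
        return newCipher(Cipher.DECRYPT_MODE).doFinal(arrB);
    }

    /**
     * Encodes bytes as two lowercase hex digits each.
     *
     * @param arrB bytes to encode
     * @return hex string of length {@code 2 * arrB.length}
     * @throws Exception never thrown here; kept for source compatibility
     */
    public static String byteArr2HexStr(byte[] arrB) throws Exception {
        StringBuilder sb = new StringBuilder(arrB.length * 2);
        for (byte b : arrB) {
            int unsigned = b & 0xff; // bytes are signed in Java
            sb.append(Character.forDigit(unsigned >>> 4, 16));
            sb.append(Character.forDigit(unsigned & 0x0f, 16));
        }
        return sb.toString();
    }

    /**
     * Decodes a hex string into bytes.
     *
     * @param strIn string with an even number of hex digits
     * @return decoded bytes
     * @throws IllegalArgumentException if the length is odd
     * @throws NumberFormatException if a character is not a hex digit
     * @throws Exception kept for source compatibility
     */
    public static byte[] hexStr2ByteArr(String strIn) throws Exception {
        int len = strIn.length();
        // The value may come from a client or a database row; reject a
        // truncated string explicitly rather than with an index error.
        if (len % 2 != 0) {
            throw new IllegalArgumentException("hex string must have an even length");
        }
        byte[] arrOut = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            int hi = Character.digit(strIn.charAt(i), 16);
            int lo = Character.digit(strIn.charAt(i + 1), 16);
            // Checking each digit also rejects signs, which Integer.parseInt accepts.
            if (hi < 0 || lo < 0) {
                throw new NumberFormatException("invalid hex digit at index " + i);
            }
            arrOut[i / 2] = (byte) ((hi << 4) | lo);
        }
        return arrOut;
    }

    /** Creates a cipher initialised for {@code mode} with this instance's key. */
    private Cipher newCipher(int mode) throws Exception {
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(mode, key);
        return cipher;
    }

    /**
     * Builds the 8-byte DES key: the input is cut to 8 bytes, or padded with
     * zero bytes when shorter.
     */
    private static Key getKey(byte[] arrBTmp) {
        byte[] arrB = new byte[8];
        System.arraycopy(arrBTmp, 0, arrB, 0, Math.min(arrBTmp.length, arrB.length));
        return new SecretKeySpec(arrB, "DES");
    }

    /** Small round-trip demonstration. */
    public static void main(String[] args) {
        try {
            String test = "liwc";
            DesUtils des = new DesUtils("leemenz");
            System.out.println("加密前的字符:" + test);
            System.out.println("加密後的字符:" + des.encrypt(test));
            System.out.println("解密後的字符:" + des.decrypt(des.encrypt(test)));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}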
最後,我們在攔截器裏攔截校驗一下就可以了