【发布时间】:2020-10-08 19:34:48
【问题描述】:
我正在使用桌面应用程序的登录/注册系统。我有一个注册表单和登录表,凭据信息保存到 PostgreSQL 数据库。我开始时没有加密信息,一切正常,但我现在想加密密码以保存到数据库。我正在使用 Jasypt 并获得了加密并保存到数据库的密码:
public void actionPerformed(ActionEvent e){
if(e.getSource() == registerButton){
try{
//connects to the database
Connection conn = DriverManager.getConnection("jdbc:postgresql://localhost:5432/cc","pi","server");
//inserts values into table
PreparedStatement statement = conn.prepareStatement("insert into users values(?,?,?,?,?)");
statement.setString(1, firstName.getText());
statement.setString(2, lastName.getText());
statement.setString(3, email.getText());
statement.setString(4, username.getText());
//checks password to ensure confirmation matches
//encrypts password for storing in database
if(password.getText().equals(confPass.getText())){
StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
String encryptPass = passwordEncryptor.encryptPassword(password.toString());
statement.setString(5, encryptPass);
statement.executeUpdate();
JOptionPane.showMessageDialog(null, "Registered Successfully");
frame.dispatchEvent(new WindowEvent(frame, WindowEvent.WINDOW_CLOSING));
}
else{
JOptionPane.showMessageDialog(null, "Password did not match");
}
} catch(SQLException f){
f.printStackTrace();
}
}
这很好用,我的密码是加密的。我不知道从哪里开始从数据库中获取密码以将加密密码与用户输入进行比较。我用于比较密码的登录表单(在加密密码之前):
public void actionPerformed(ActionEvent e){
//verify users credentials and signs in
if(e.getSource() == login){
try{
//connects to the database
Connection conn = DriverManager.getConnection("jdbc:postgresql://localhost:5432/cc","pi","server");
//inserts values into table
PreparedStatement statement = conn.prepareStatement("SELECT username, user_pass FROM users WHERE username = ? and user_pass = ?");
statement.setString(1, username.getText());
statement.setString(2, password.getText());
ResultSet result = statement.executeQuery();
if (result.next()) {
frame.dispose();
new CommunityCooks();
}
else {
JOptionPane.showMessageDialog(null, "Username or Password did not match.");
}
}
catch(SQLException f){
f.printStackTrace();
}
}
我制作了一个测试应用来比较加密密码并大致了解它的工作原理:
import org.jasypt.util.password.StrongPasswordEncryptor;
public class EncryptTest {
public static void main(String[] args) {
String userPass = "test";
StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
String encryptPass = passwordEncryptor.encryptPassword(userPass);
System.out.println(encryptPass);
if(passwordEncryptor.checkPassword("test", encryptPass)){
System.out.println("correct");
}
else{
System.out.println("wrong");
}
}
}
我很难过的部分是尝试获取加密密码并将其与用户输入密码进行比较以进行验证。我相信我需要加密输入密码,然后可以使用 passworEncryptor.checkPassword();但我不知道将它放在登录代码中的哪个位置以及如何实现它。任何帮助都会很棒。
谢谢。
【问题讨论】:
标签: java encryption jasypt