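Encrypting GET requests with a Spring Boot filter
Time: 2023-05-22 11:06:27 Views: 352
Thank you very much for your question! You can override the doFilter method in a Filter and encrypt the GET request parameters while the request is being processed. You can encrypt the parameters with an encryption method such as MD5 and then replace the original request parameters with the encrypted ones, which achieves encryption of the GET request. If you need a more detailed implementation, refer to the official Spring documentation or other related blog posts.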
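As an added example (not code from the original answer), here is a servlet filter that overrides doFilter and replaces one encrypted GET parameter with the decrypted parameters. Because MD5 is a one-way hash that the server cannot reverse, the example uses AES-GCM instead. The parameter name `enc`, the token layout, and the `javax.servlet` API (Servlet 4.0, as in Spring Boot 2.x) are assumptions.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.security.GeneralSecurityException;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: decrypts GET parameter "enc" (hypothetical name) into the real parameters. */
public class EncryptedQueryFilter implements Filter {
    private final SecretKey key; // AES key shared with the client; provisioning is out of scope
    public EncryptedQueryFilter(SecretKey key) { this.key = key; }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String token = http.getParameter("enc");
        if (!"GET".equals(http.getMethod()) || token == null) {
            chain.doFilter(req, res); // not an encrypted GET: pass through unchanged
            return;
        }
        Map<String, String[]> decrypted = new LinkedHashMap<>();
        try {
            // Assumed token layout: base64url(12-byte IV || ciphertext || 16-byte GCM tag)
            byte[] in = Base64.getUrlDecoder().decode(token);
            if (in.length < 28) throw new IllegalArgumentException("token too short");
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
            String query = new String(c.doFinal(in, 12, in.length - 12), "UTF-8");
            for (String pair : query.split("&")) { // plaintext is an ordinary query string
                String[] kv = pair.split("=", 2);  // one value per name; last one wins
                decrypted.put(URLDecoder.decode(kv[0], "UTF-8"),
                        new String[] { kv.length > 1 ? URLDecoder.decode(kv[1], "UTF-8") : "" });
            }
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // Tampered, truncated or malformed token: reject rather than pass it on
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getParameter(String n) { return decrypted.containsKey(n) ? decrypted.get(n)[0] : null; }
            @Override public String[] getParameterValues(String n) { return decrypted.get(n); }
            @Override public Map<String, String[]> getParameterMap() { return decrypted; }
            @Override public Enumeration<String> getParameterNames() { return Collections.enumeration(decrypted.keySet()); }
        }, res);
    }
}
```

The filter can be registered through a `FilterRegistrationBean`; `getQueryString()` is not overridden, so it still returns the raw encrypted string.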
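Related questions
Code for implementing user login, registration, and password recovery with Spring Boot
The following is a simple code example that implements user login, registration, and password recovery with Spring Boot:
First, we need to define a user entity class, User: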
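```java
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;

@Entity
@Table(name = "user")
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @NotBlank
    @Size(max = 20)
    private String username;

    @NotBlank
    @Size(max = 50)
    @Email
    private String email;

    // Holds the encoded (hashed) password written by the controller, never the plain text
    @NotBlank
    @Size(max = 120)
    private String password;

    // getters and setters
}
```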
Next, we need to define a UserRepository interface for working with user data:
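```java
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

@Repository
public interface UserRepository extends JpaRepository<User, Long> {
    Optional<User> findByUsername(String username);

    // Used by the forgot-password endpoint when the input is an email address
    Optional<User> findByEmail(String email);

    Boolean existsByUsername(String username);

    Boolean existsByEmail(String email);
}
```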
Then we need to define a controller, UserController, that handles login, registration, password recovery, and similar operations:
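```java
import java.net.URI;
import java.util.Optional;
import java.util.UUID;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

// LoginForm, SignUpForm, ForgotPasswordForm, ApiResponse, JwtAuthenticationResponse and
// JwtTokenProvider are the application's own classes and are not shown here.
@RestController
@RequestMapping("/api/auth")
public class UserController {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private JwtTokenProvider jwtTokenProvider;
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @PostMapping("/login")
    public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginForm loginRequest) {
        // Throws AuthenticationException on bad credentials; handled by the entry point
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(
                        loginRequest.getUsernameOrEmail(),
                        loginRequest.getPassword()
                )
        );
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String jwt = jwtTokenProvider.generateToken(authentication);
        return ResponseEntity.ok(new JwtAuthenticationResponse(jwt));
    }

    @PostMapping("/register")
    public ResponseEntity<?> registerUser(@Valid @RequestBody SignUpForm signUpRequest) {
        if (userRepository.existsByUsername(signUpRequest.getUsername())) {
            return new ResponseEntity<>(new ApiResponse(false, "Username is already taken!"),
                    HttpStatus.BAD_REQUEST);
        }
        if (userRepository.existsByEmail(signUpRequest.getEmail())) {
            return new ResponseEntity<>(new ApiResponse(false, "Email Address already in use!"),
                    HttpStatus.BAD_REQUEST);
        }
        // Creating user's account; only the encoded password is stored
        User user = new User();
        user.setUsername(signUpRequest.getUsername());
        user.setEmail(signUpRequest.getEmail());
        user.setPassword(passwordEncoder.encode(signUpRequest.getPassword()));
        User result = userRepository.save(user);
        URI location = ServletUriComponentsBuilder
                .fromCurrentContextPath().path("/users/{username}")
                .buildAndExpand(result.getUsername()).toUri();
        return ResponseEntity.created(location).body(new ApiResponse(true, "User registered successfully"));
    }

    @PostMapping("/forgot-password")
    public ResponseEntity<?> forgotPassword(@Valid @RequestBody ForgotPasswordForm forgotPasswordRequest) {
        // Look the account up by username first, then by email
        Optional<User> optionalUser = userRepository.findByUsername(forgotPasswordRequest.getUsernameOrEmail());
        if (!optionalUser.isPresent()) {
            optionalUser = userRepository.findByEmail(forgotPasswordRequest.getUsernameOrEmail());
        }
        if (!optionalUser.isPresent()) {
            // Note: this response tells the caller whether an account exists
            return new ResponseEntity<>(new ApiResponse(false, "User not found!"),
                    HttpStatus.BAD_REQUEST);
        }
        // Note: the password is replaced as soon as any unauthenticated caller submits a
        // known username or email, and the new password then travels by email in clear text.
        // A single-use, expiring reset link avoids both problems.
        User user = optionalUser.get();
        String newPassword = UUID.randomUUID().toString();
        user.setPassword(passwordEncoder.encode(newPassword));
        userRepository.save(user);
        // send email with new password
        // ...
        return ResponseEntity.ok(new ApiResponse(true, "New password sent to your email"));
    }
}
```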
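Here, LoginForm, SignUpForm, and ForgotPasswordForm represent the user's login, registration, and password recovery forms respectively. JwtTokenProvider is used to generate and validate JWT tokens. PasswordEncoder is used to encrypt and decrypt user passwords. ApiResponse represents the result of a request.
Finally, we need to define a Spring Security configuration class, SecurityConfig, to configure user authentication, authorization, and so on: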
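```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// CustomUserDetailsService, JwtAuthenticationEntryPoint and JwtAuthenticationFilter are the
// application's own classes and are not shown here.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true,
        prePostEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomUserDetailsService customUserDetailsService;
    @Autowired
    private JwtAuthenticationEntryPoint unauthorizedHandler;

    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter() {
        return new JwtAuthenticationFilter();
    }

    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    // BCrypt is a one-way adaptive hash: passwords are checked with matches(), not decrypted
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is disabled because the API is stateless and authenticates
        // each request with a JWT rather than a session cookie
        http.cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers(
                        "/",
                        "/favicon.ico",
                        "/**/*.png",
                        "/**/*.gif",
                        "/**/*.svg",
                        "/**/*.jpg",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js"
                ).permitAll()
                // Login, registration and password recovery are reachable without a token
                .antMatchers("/api/auth/**").permitAll()
                .anyRequest().authenticated();
        // Add our custom JWT security filter
        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}
```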
With the configuration above, we can implement simple user login, registration, and password recovery.