so my problem is this, i have a jsp that has a register button on every navigation page so i want to encrypt my password when using spring hibernate but unfortunately i don't know how.. even how spring and hibernate i dont actually get how it works. and also i have a Encryption class im thinking about encrypting it inside my Users class but i know when logging in it will cause a problem... here is my code by the way
code in controller
@Controller
@RequestMapping("/ecomplain")
public class ComplainController
{
@Autowired
private UserService userService;
@Autowired
private ComplainService complainService;
@RequestMapping(value = "/Homepage")
public String showHomepage(Map<String, Object> map)
{
map.put("users", new Users());
return "/ecomplain/Homepage";
}
@RequestMapping(value = "/ComplaintForm")
public String showComplainForm(Map<String, Object> map)
{
map.put("users", new Users());
map.put("complains", new Complains());
return "/ecomplain/ComplaintForm";
}
@RequestMapping(value = "/CrimeForum")
public String showCrimeForum(Map<String, Object> map)
{
map.put("users", new Users());
map.put("complains", new Complains());
map.put("complainList", complainService.listComplains());
return "/ecomplain/CrimeForum";
}
@RequestMapping(value = "/About")
public String showAbout(Map<String, Object> map)
{
map.put("users", new Users());
return "/ecomplain/About";
}
@RequestMapping("/get/{userId}")
public String getUsers(@PathVariable Long userId, Map<String, Object> map)
{
Users users = userService.getUsers(userId);
map.put("users", users);
return "/ecomplain/CreateUserForm";
}
@RequestMapping("/getComplain/{complainId}")
public String getComplains(@PathVariable Long complainId, Map<String, Object> map)
{
Complains complains = complainService.getComplains(complainId);
map.put("complains", complains);
return "/ecomplain/ComplainDetails";
}
@RequestMapping(value = "/save", method = RequestMethod.POST)
public String saveUsers(@ModelAttribute("users") Users users, BindingResult result)
{
userService.saveUsers(users);
return "redirect:listBooks";
}
@RequestMapping(value = "/savecomplain", method = RequestMethod.POST)
public String saveComplains(@ModelAttribute("complains") Complains complains, BindingResult result)
{
complainService.saveComplains(complains);
return "redirect:ComplaintForm";
}
@RequestMapping("/delete/{userId}")
public String deleteUsers(@PathVariable("userId") Long userId)
{
userService.deleteUsers(userId);
return "redirect:/ecomplain/Homepage";
}
@RequestMapping("/delete/{complainId}")
public String deleteComplains(@PathVariable("complainId") Long complainId)
{
complainService.deleteComplains(complainId);
return "redirect:/ecomplain/Homepage";
}
}
Users class
@Entity
@Table(name = "users")
public class Users
{
private Long userId;
private String email;
private String username;
private String password;
private String location;
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
public Long getUserId()
{
return userId;
}
@Column(nullable = false)
public String getEmail()
{
return email;
}
@Column(nullable = false, unique = true)
public String getUsername()
{
return username;
}
@Column(nullable = false)
public String getPassword()
{
return password;
}
@Column(nullable = false)
public String getLocation()
{
return location;
}
public void setUserId(Long userId)
{
this.userId = userId;
}
public void setEmail(String email)
{
this.email = email;
}
public void setUsername(String username)
{
this.username = username;
}
public void setPassword(String password)
{
this.password = password;
}
public void setLocation(String location)
{
this.location = location;
}
}
UsersDao
public interface UsersDao
{
public void saveUsers(Users users);
public List<Users> listUsers();
public Users getUsers(Long userId);
public void deleteUsers(Long userId);
}
UsersDaoImpl
@Repository
public class UsersDaoImpl implements UsersDao
{
@Autowired
private SessionFactory sessionFactory;
public void saveUsers(Users users)
{
getSession().merge(users);
}
public List<Users> listUsers()
{
return getSession().createCriteria(Users.class).list();
}
public Users getUsers(Long userId)
{
return (Users) getSession().get(Users.class, userId);
}
public void deleteUsers(Long userId)
{
Users users = getUsers(userId);
if (null != users)
{
getSession().delete(users);
}
}
private Session getSession()
{
Session sess = getSessionFactory().getCurrentSession();
if (sess == null)
{
sess = getSessionFactory().openSession();
}
return sess;
}
private SessionFactory getSessionFactory()
{
return sessionFactory;
}
}
and here is my Encryption class that i want to use
public class Encryption
{
public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
// The following constants may be changed without breaking existing hashes.
public static final int SALT_BYTE_SIZE = 24;
public static final int HASH_BYTE_SIZE = 24;
public static final int PBKDF2_ITERATIONS = 1000;
public static final int ITERATION_INDEX = 0;
public static final int SALT_INDEX = 1;
public static final int PBKDF2_INDEX = 2;
/**
* Returns a salted PBKDF2 hash of the password.
*
* @param password the password to hash
* @return a salted PBKDF2 hash of the password
*/
public static String createHash(String password) throws NoSuchAlgorithmException, InvalidKeySpecException
{
return createHash(password.toCharArray());
}
/**
* Returns a salted PBKDF2 hash of the password.
*
* @param password the password to hash
* @return a salted PBKDF2 hash of the password
*/
public static String createHash(char[] password) throws NoSuchAlgorithmException, InvalidKeySpecException
{
// Generate a random salt
SecureRandom random = new SecureRandom();
byte[] salt = new byte[SALT_BYTE_SIZE];
random.nextBytes(salt);
// Hash the password
byte[] hash = pbkdf2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
// format iterations:salt:hash
return PBKDF2_ITERATIONS + ":" + toHex(salt) + ":" + toHex(hash);
}
/**
* Validates a password using a hash.
*
* @param password the password to check
* @param correctHash the hash of the valid password
* @return true if the password is correct, false if not
*/
public static boolean validatePassword(String password, String correctHash) throws NoSuchAlgorithmException, InvalidKeySpecException
{
return validatePassword(password.toCharArray(), correctHash);
}
/**
* Validates a password using a hash.
*
* @param password the password to check
* @param correctHash the hash of the valid password
* @return true if the password is correct, false if not
*/
public static boolean validatePassword(char[] password, String correctHash) throws NoSuchAlgorithmException, InvalidKeySpecException
{
// Decode the hash into its parameters
String[] params = correctHash.split(":");
int iterations = Integer.parseInt(params[ITERATION_INDEX]);
byte[] salt = fromHex(params[SALT_INDEX]);
byte[] hash = fromHex(params[PBKDF2_INDEX]);
// Compute the hash of the provided password, using the same salt,
// iteration count, and hash length
byte[] testHash = pbkdf2(password, salt, iterations, hash.length);
// Compare the hashes in constant time. The password is correct if
// both hashes match.
return slowEquals(hash, testHash);
}
/**
* Compares two byte arrays in length-constant time. This comparison method
* is used so that password hashes cannot be extracted from an on-line
* system using a timing attack and then attacked off-line.
*
* @param a the first byte array
* @param b the second byte array
* @return true if both byte arrays are the same, false if not
*/
private static boolean slowEquals(byte[] a, byte[] b)
{
int diff = a.length ^ b.length;
for(int i = 0; i < a.length && i < b.length; i++)
diff |= a[i] ^ b[i];
return diff == 0;
}
/**
* Computes the PBKDF2 hash of a password.
*
* @param password the password to hash.
* @param salt the salt
* @param iterations the iteration count (slowness factor)
* @param bytes the length of the hash to compute in bytes
* @return the PBDKF2 hash of the password
*/
private static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bytes) throws NoSuchAlgorithmException, InvalidKeySpecException
{
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, bytes * 8);
SecretKeyFactory skf = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
return skf.generateSecret(spec).getEncoded();
}
/**
* Converts a string of hexadecimal characters into a byte array.
*
* @param hex the hex string
* @return the hex string decoded into a byte array
*/
private static byte[] fromHex(String hex)
{
byte[] binary = new byte[hex.length() / 2];
for(int i = 0; i < binary.length; i++)
{
binary[i] = (byte)Integer.parseInt(hex.substring(2*i, 2*i+2), 16);
}
return binary;
}
/**
* Converts a byte array into a hexadecimal string.
*
* @param array the byte array to convert
* @return a length*2 character string encoding the byte array
*/
private static String toHex(byte[] array)
{
BigInteger bi = new BigInteger(1, array);
String hex = bi.toString(16);
int paddingLength = (array.length * 2) - hex.length();
if(paddingLength > 0)
return String.format("%0" + paddingLength + "d", 0) + hex;
else
return hex;
}
public String saltedPass(String password)
{
String hash = "";
try
{
hash = createHash(password);
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (InvalidKeySpecException e)
{
e.printStackTrace();
}
return hash;
}
public boolean validation(String password, String hash)
{
try
{
if (validatePassword(password, hash))
{
System.out.println("CORRECT PASSWORD!");
return true;
}
}
catch (Exception ex)
{
System.out.println("ERROR: " + ex);
}
return false;
}
}
Aucun commentaire:
Enregistrer un commentaire