應用場景: 有兩個應用系統(tǒng)a,b。其中a系統(tǒng)中某一部分導航功能需要跳轉(zhuǎn)至b系統(tǒng)(簡單的說就是a系統(tǒng)現(xiàn)在要把b系統(tǒng)中的所有功能包含進來,為了前期快速上線,采用js重定向跳轉(zhuǎn)實現(xiàn)),這里就涉及到a系統(tǒng)登錄后的權(quán)限要同步到b系統(tǒng),實現(xiàn)單點登錄。其中對于內(nèi)網(wǎng)用戶,采用了idm的單點登錄。但是針對外部用戶就采用了aes加密的方式驗證。 實現(xiàn)思路: 在登錄a系統(tǒng)的情況下,外部用戶點擊跳轉(zhuǎn)至b系統(tǒng)的時候免登錄,同步權(quán)限。這里是在跳轉(zhuǎn)時,前后端協(xié)商采用aes的加解密對該用戶進行校驗。
實現(xiàn)的核心代碼:
<code class="language-html"><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<!-- <script src="https://sellpow-html.oss-cn-beijing.aliyuncs.com/public/js/aes.js" rel="external nofollow" ></script> -->
<script type="text/javascript" src="http://react.file.alimmdn.com/aes.js" rel="external nofollow" ></script>
<body>
<script>
var key = CryptoJS.enc.Utf8.parse("cyh@201812345678");//密鑰為16字節(jié)
var plaintText = 'cyh@123456789'; // 明文
var encryptedData = CryptoJS.AES.encrypt(plaintText, key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
console.log("加密前:"+plaintText);
console.log("加密后:"+encryptedData.ciphertext.toString());
encryptedData = encryptedData.ciphertext.toString();
console.log("base64加密后:"+encryptedData);
var encryptedHexStr = CryptoJS.enc.Hex.parse('5a6dcc986133465954e1072471f8d2e2');
var encryptedBase64Str = CryptoJS.enc.Base64.stringify(encryptedHexStr);
var decryptedData = CryptoJS.AES.decrypt(encryptedBase64Str, key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
var decryptedStr = decryptedData.toString(CryptoJS.enc.Utf8);
console.log("解密后:"+decryptedStr);
var pwd = "PCsUFtgog9/qpqmqXsuCRQ==";
//加密服務端返回的數(shù)據(jù)
var decryptedData = CryptoJS.AES.decrypt(pwd, key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
console.log("解密服務端返回的數(shù)據(jù):"+decryptedStr);
</script>
</body>
</html></code>
后端解密核心代碼:
public class AccessHtmlFilter implements Filter {
private static final Logger logger = Logger.getLogger(AccessHtmlFilter.class);
private static String VENTOLKENID = "cyh@*srm#";
//密鑰
private static final String TOKEN_KEY = "cyh@201812345678";
//算法
private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";
....
public boolean judgeToken(String ventolkenid, String userId){
Boolean b = false;
String tokenid = VENTOLKENID.replace("*", userId);
byte[] bt = parseHexStr2Byte(ventolkenid);
Object encoded = Base64.encodeBase64String(bt);
String decrypt = "";
try {
decrypt = aesDecrypt(encoded.toString(), TOKEN_KEY);
} catch (Exception e) {
return b;
}
System.out.println("解密后:" + decrypt);
if(tokenid.equals(decrypt.substring(0, decrypt.indexOf("#")+1))){
b = true;
}
return b;
}
/**
* AES解密
* @param encryptBytes 待解密的byte[]
* @param decryptKey 解密密鑰
* @return 解密后的String
* @throws Exception
*/
public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), "AES"));
byte[] decryptBytes = cipher.doFinal(encryptBytes);
return new String(decryptBytes);
}
/**
* 將base 64 code AES解密
* @param encryptStr 待解密的base 64 code
* @param decryptKey 解密密鑰
* @return 解密后的string
* @throws Exception
*/
public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {
return StringUtils.isEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey);
}
/**
* base 64 decode
* @param base64Code 待解碼的base 64 code
* @return 解碼后的byte[]
* @throws Exception
*/
public static byte[] base64Decode(String base64Code) throws Exception{
return StringUtils.isEmpty(base64Code) ? null : new BASE64Decoder().decodeBuffer(base64Code);
}
/**將二進制轉(zhuǎn)換成16進制
* @param buf
* @return
*/
public String parseByte2HexStr(byte buf[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < buf.length; i++) {
String hex = Integer.toHexString(buf[i] & 0xFF);
if (hex.length() == 1) {
hex = '0' + hex;
}
sb.append(hex.toUpperCase());
}
return sb.toString();
}
/**將16進制轉(zhuǎn)換為二進制
* @param hexStr
* @return
*/
private byte[] parseHexStr2Byte(String hexStr) {
if (hexStr.length() < 1)
return null;
byte[] result = new byte[hexStr.length()/2];
for (int i = 0;i< hexStr.length()/2; i++) {
int high = Integer.parseInt(hexStr.substring(i*2, i*2+1), 16);
int low = Integer.parseInt(hexStr.substring(i*2+1, i*2+2), 16);
result[i] = (byte) (high * 16 + low);
}
return result;
}
更多建議: