java - Jasypt加密-加密时删除斜杠

Question

我目前正在使用jasypt作为我的加密工具，问题是一旦一个单词被加密，它就会产生“/”，我想避免加密中出现斜杠。原因是我在我的网址中使用它。

例如 jasypt 会生成此加密文本:

String encryptedText = "/O0sJjPUFgRGfND1TpHrkbyCalgY/rSpE8nhJ/wYjYY=";

我会将其附加到我的链接中..

示例是:

String.format("%s%s", "youtube.com/videos/", encryptedText);

这会将我重定向到另一个链接，因此不会转到视频部分，而是转到 /O0sJjPUFgRGfND1TpHrkbyCalgY

这是我的代码:

public class EncryptionUtil {
    public static final String ENCRYPTION_KEY = "test-encryption";
    private static final String EMPTY_KEY_OR_TEXT = "Decryption key and text must not be empty.";

    public static String decrypt(final String encryptedText) {
        if (StringUtils.isAnyBlank(encryptedText)) {
            throw new ApiErrorException(EMPTY_KEY_OR_TEXT);
        }
        try {
            final char[] keyCharArray = ENCRYPTION_KEY.toCharArray();
            final BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
            textEncryptor.setPasswordCharArray(keyCharArray);

            return textEncryptor.decrypt(encryptedText);
        } catch (EncryptionOperationNotPossibleException e) {
            throw new ApiErrorException(e.getMessage());
        }
    }

    public static String encrypt(final String plaintext) {
        if (StringUtils.isAnyBlank(plaintext)) {
            throw new ApiErrorException(EMPTY_KEY_OR_TEXT);
        }
        final char[] keyCharArray = ENCRYPTION_KEY.toCharArray();
        final BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
        textEncryptor.setPasswordCharArray(keyCharArray);

        return textEncryptor.encrypt(plaintext);
    }
}

这是我的 Spring Controller :

@GetMapping("/profile/client-users/{userId}")
    public ModelAndView getAccountAccess(
        @PathVariable String userId, ModelMap modelMap) {
        userId = EncryptionUtil.decrypt(userId);
}

Answer 1

第一种(不好的)方法是允许在 url 中使用斜杠字符，如下面的线程所示

Encoded slash (%2F) with Spring RequestMapping path param gives HTTP 400

但我认为使用 base64 对加密文本进行编码似乎是一种不那么扭曲的方式。 而base64编码确实适合这个

Base64 encoding can be helpful when fairly lengthy identifying information is used in an HTTP environment. For example, a database persistence framework for Java objects might use Base64 encoding to encode a relatively large unique id (generally 128-bit UUIDs) into a string for use as an HTTP parameter in HTTP forms or HTTP GET URLs

Quoted from: https://en.wikipedia.org/wiki/Base64

使用以下内容对加密文本进行编码:

String encryptedText = "/O0sJjPUFgRGfND1TpHrkbyCalgY/rSpE8nhJ/wYjYY=";
String encryptedTextAndEncoded = new String(java.util.Base64.getEncoder().encode(encryptedText.getBytes()));

try {
        // Using standard Base64 in URL requires encoding of '+', '/' and '=' 
        encryptedTextAndEncoded = URLEncoder.encode(encryptedTextAndEncoded, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

String.format("%s%s", "youtube.com/videos/", encryptedTextAndEncoded);

生成的网址将是:

youtube.com/videos/L08wc0pqUFVGZ1JHZk5EMVRwSHJrYnlDYWxnWS9yU3BFOG5oSi93WWpZWT0%3D

这是一个完全有效的网址

然后，在服务器端，您将在使用字符串之前对其进行解码:

@GetMapping("/profile/client-users/{userId}")
    public ModelAndView getAccountAccess(
        @PathVariable String userId, ModelMap modelMap) {
        String decoded = new String(java.util.Base64.getDecoder().decode(userId.getBytes()));
        userId = EncryptionUtil.decrypt(decoded);
}