我目前正在使用jasypt作为我的加密工具,问题是一旦一个单词被加密,它就会产生“/”,我想避免加密中出现斜杠。原因是我在我的网址中使用它。
例如 jasypt 会生成此加密文本:
String encryptedText = "/O0sJjPUFgRGfND1TpHrkbyCalgY/rSpE8nhJ/wYjYY=";
我会将其附加到我的链接中..
示例是:
String.format("%s%s", "youtube.com/videos/", encryptedText);
这会将我重定向到另一个链接,因此不会转到视频部分,而是转到 /O0sJjPUFgRGfND1TpHrkbyCalgY
这是我的代码:
public class EncryptionUtil {
public static final String ENCRYPTION_KEY = "test-encryption";
private static final String EMPTY_KEY_OR_TEXT = "Decryption key and text must not be empty.";
public static String decrypt(final String encryptedText) {
if (StringUtils.isAnyBlank(encryptedText)) {
throw new ApiErrorException(EMPTY_KEY_OR_TEXT);
}
try {
final char[] keyCharArray = ENCRYPTION_KEY.toCharArray();
final BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
textEncryptor.setPasswordCharArray(keyCharArray);
return textEncryptor.decrypt(encryptedText);
} catch (EncryptionOperationNotPossibleException e) {
throw new ApiErrorException(e.getMessage());
}
}
public static String encrypt(final String plaintext) {
if (StringUtils.isAnyBlank(plaintext)) {
throw new ApiErrorException(EMPTY_KEY_OR_TEXT);
}
final char[] keyCharArray = ENCRYPTION_KEY.toCharArray();
final BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
textEncryptor.setPasswordCharArray(keyCharArray);
return textEncryptor.encrypt(plaintext);
}
}
这是我的 Spring Controller :
@GetMapping("/profile/client-users/{userId}")
public ModelAndView getAccountAccess(
@PathVariable String userId, ModelMap modelMap) {
userId = EncryptionUtil.decrypt(userId);
}
最佳答案
第一种(不好的)方法是允许在 url 中使用斜杠字符,如下面的线程所示
Encoded slash (%2F) with Spring RequestMapping path param gives HTTP 400
但我认为使用 base64 对加密文本进行编码似乎是一种不那么扭曲的方式。 而base64编码确实适合这个
Base64 encoding can be helpful when fairly lengthy identifying information is used in an HTTP environment. For example, a database persistence framework for Java objects might use Base64 encoding to encode a relatively large unique id (generally 128-bit UUIDs) into a string for use as an HTTP parameter in HTTP forms or HTTP GET URLs
Quoted from: https://en.wikipedia.org/wiki/Base64
使用以下内容对加密文本进行编码:
String encryptedText = "/O0sJjPUFgRGfND1TpHrkbyCalgY/rSpE8nhJ/wYjYY=";
String encryptedTextAndEncoded = new String(java.util.Base64.getEncoder().encode(encryptedText.getBytes()));
try {
// Using standard Base64 in URL requires encoding of '+', '/' and '='
encryptedTextAndEncoded = URLEncoder.encode(encryptedTextAndEncoded, "UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String.format("%s%s", "youtube.com/videos/", encryptedTextAndEncoded);
生成的网址将是:
youtube.com/videos/L08wc0pqUFVGZ1JHZk5EMVRwSHJrYnlDYWxnWS9yU3BFOG5oSi93WWpZWT0%3D
这是一个完全有效的网址
然后,在服务器端,您将在使用字符串之前对其进行解码:
@GetMapping("/profile/client-users/{userId}")
public ModelAndView getAccountAccess(
@PathVariable String userId, ModelMap modelMap) {
String decoded = new String(java.util.Base64.getDecoder().decode(userId.getBytes()));
userId = EncryptionUtil.decrypt(decoded);
}
关于java - Jasypt加密-加密时删除斜杠,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52758485/