/**
 * Derives the stored credential for a user from the plain-text password.
 *
 * <p>A fresh salt of {@code SALT_SIZE} bytes is obtained from
 * {@code Digests.generateSalt}, hex-encoded and stored on the user. The plain
 * password bytes are then hashed with {@code Digests.sha1} using that salt and
 * {@code HASH_INTERATIONS} rounds, and the hex-encoded result is stored as the
 * user's password. The original comment describes this as a random salt and
 * 1024 SHA-1 iterations; the constant's value is defined outside this view.
 *
 * <p>NOTE(review): salted, iterated SHA-1 is a fast hash. For password storage
 * a dedicated password-hashing scheme (bcrypt, scrypt, Argon2 or PBKDF2 with a
 * high work factor) resists offline guessing far better. Migrating requires
 * re-hashing stored credentials, for example on the next successful login.
 *
 * @param user the user whose plain password is hashed; its salt and password
 *             fields are overwritten
 */
private void entryptPassword(User user) {
    final byte[] saltBytes = Digests.generateSalt(SALT_SIZE);
    user.setSalt(Encodes.encodeHex(saltBytes));

    // NOTE(review): getBytes() without a charset uses the platform default, so
    // non-ASCII passwords hash differently across hosts. checkPassword uses the
    // same call; the two must be changed together if an explicit charset is adopted.
    final byte[] plainBytes = user.getPlainPassword().getBytes();
    final byte[] digest = Digests.sha1(plainBytes, saltBytes, HASH_INTERATIONS);
    user.setPassword(Encodes.encodeHex(digest));
}
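/**
 * Verifies that a supplied password matches the user's stored password hash.
 *
 * <p>The stored hex salt is decoded, the supplied password is hashed with
 * {@code Digests.sha1} using that salt and {@code HASH_INTERATIONS} rounds, and
 * the hex-encoded result is compared with the stored password value.
 *
 * <p>The comparison uses {@link java.security.MessageDigest#isEqual(byte[], byte[])}
 * rather than {@code String.equals}, so the time taken does not depend on how
 * many leading characters of the two hashes agree. A missing supplied password,
 * salt or stored hash is treated as a failed check instead of raising a
 * {@code NullPointerException}.
 *
 * @param user        the user whose stored salt and password hash are checked against
 * @param oldPassword the plain-text password supplied by the caller
 * @return {@code true} if the supplied password hashes to the stored value,
 *         {@code false} otherwise (including when any required value is {@code null})
 */
public boolean checkPassword(User user, String oldPassword) {
    String storedSalt = user.getSalt();
    String storedHash = user.getPassword();
    // Fail closed: an account without stored credentials can never match.
    if (oldPassword == null || storedSalt == null || storedHash == null) {
        return false;
    }

    byte[] salt = Encodes.decodeHex(storedSalt);
    // NOTE(review): getBytes() without a charset uses the platform default. It is
    // kept as-is because entryptPassword hashes with the same call; switching to
    // an explicit charset must be done in both places at once.
    byte[] candidate = Digests.sha1(oldPassword.getBytes(), salt, HASH_INTERATIONS);
    String candidateHex = Encodes.encodeHex(candidate);

    // Compare the hex strings as bytes in constant time. This accepts the same
    // values as the previous String.equals check.
    return java.security.MessageDigest.isEqual(
            storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            candidateHex.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}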
/**
 * Saves a user.
 *
 * <p>Hashes the user's plain password via {@code entryptPassword}, sets the
 * creation date from {@code DateUtils.getSysTimestamp()}, and hands the user to
 * {@code userDao.save}. Runs in a non-read-only transaction.
 *
 * <p>NOTE(review): as far as this method shows, the plain password is still set
 * on the {@code User} object when it reaches {@code userDao.save}; confirm that
 * the field is not persisted or logged.
 *
 * @param user the user to save; its salt, password and create date are set here
 */
@Transactional(readOnly = false)
public void save(User user) {
    // Replace the plain password with salt + hash before anything is persisted.
    entryptPassword(user);
    user.setCreateDate(DateUtils.getSysTimestamp());
    userDao.save(user);
}
/**
 * Updates the user's login bookkeeping.
 *
 * <p>Increments the login count (a {@code null} count is treated as 0), copies
 * the current last-visit value into previous-visit, sets last-visit to
 * {@code DateUtils.getSysTimestamp()}, and then calls {@code update(user)},
 * which is defined outside this view.
 *
 * <p>NOTE(review): presumably intended to run only after a successful
 * authentication, so that last-visit reflects real logins; verify against the caller.
 *
 * @param user the user whose login count and visit timestamps are updated
 */
public void updateUserLogin(User user) {
    // A user who has never logged in has a null count; start from 0.
    user.setLoginCount((user.getLoginCount() == null ? 0 : user.getLoginCount()) + 1);
    // Keep the prior visit before overwriting it with the current time.
    user.setPreviousVisit(user.getLastVisit());
    user.setLastVisit(DateUtils.getSysTimestamp());
    update(user);
}