0
可能有人請幫我爲什麼比較兩個字符串返回false 下面是代碼:相同字符串時相比,返回false
<%@ page language="java" pageEncoding="ISO-8859-1"%>
<%
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setDateHeader("Expires", -1);
%>
<jsp:useBean id="user" class="beans.ConnectToDB" scope="session" />
<jsp:useBean id="aes" class="beans.AES" scope="session" />
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 01 Dec 2001 00:00:00 GMT" />
<title>Authenticating - Checking Credentials</title>
</head>
<body>
<%
String getUsername = request.getParameter("username");
String getPassword = request.getParameter("password");
final String passphrase = "#[email protected]#";
byte[] password_byte = getPassword.getBytes();
byte[] passphrase_byte = passphrase.getBytes();
byte[] encrypt_password = aes.encrypt(password_byte, passphrase_byte);
String encrypt_password_str = new String(encrypt_password);
if((getUsername != null && !getUsername.isEmpty()) || (getPassword != null && !getPassword.isEmpty())){
String username_from_db = user.getUsername(getUsername);
String password_from_db = user.getPassword(getUsername);
if(getUsername.equalsIgnoreCase(username_from_db) && encrypt_password_str.equals(password_from_db)){
response.sendRedirect("client/home_page.jsp");
}
else{
out.println("Original Encrypted Password: " + encrypt_password_str + "<br />");
out.println("Encrypted Password from D: " + password_from_db);
}
}
else{ response.sendRedirect("index.jsp"); }
%>
</body>
</html>
這裏是結果:
Original Encrypted Password: I[?y?Ì®õ¹A,®}
Encrypted Password from D: I[?y?Ì®õ¹A,®}
如果我正確的,它是相同的字符串。
如果getUsername.equalsIgnoreCase(username_from_db)錯誤怎麼辦? – YMomb
您不應該比較Java端的加密密碼,因爲這意味着在任何情況下,真正的加密密碼都存在於JVM中並且可能可見。更喜歡「SELECT [...] FROM ... WHERE LOGIN = ... AND ENCRYPTED_PASSWORD = ...」:如果它不返回任何內容,拒絕認證。 –
我沒有得到你的意思:)對不起,這真的是我第一次在jsp和javabeans中, – tonix15