We usually use HTTPS to secure the transport, but if we don't use HTTPS, we can use JavaScript to make sure the parameters sent by the browser are encrypted with the RSA algorithm.
Here we can use jCryption, a jQuery encryption plug-in, to handle this; for reference, see
http://jcryption.org/#examples
The current version is 3.0, but it has no Java-side implementation, so I will study that another time. This post uses version 1.1.
It can be obtained from
http://linkwithweb.googlecode.com/svn/trunk/Utilities/jCryptionTutorial
However, there was a flaw in its server side, and I modified it.
The following is a general introduction:
1. First, the server has a servlet that generates the public key:
package com.gsh.oauth.auth.servlet;

import java.io.IOException;
import java.security.KeyPair;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.gsh.oauth.auth.util.JCryptionUtil;

/**
 * Servlet implementation class EncryptionServlet
 */
public class EncryptionServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Default constructor.
     */
    public EncryptionServlet() {
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
     */
    protected void service(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        int key_size = 1024;
        if (request.getParameter("generateKeypair") != null) {
            JCryptionUtil jCryptionUtil = new JCryptionUtil();
            KeyPair keys = null;
            // if (request.getSession().getAttribute("keys") == null) { // commented out here, otherwise the second request will be a 500
            // A fresh key pair is generated on every request and stored in the session.
            keys = jCryptionUtil.generateKeypair(key_size);
            request.getSession().setAttribute("keys", keys);
            // }
            StringBuffer output = new StringBuffer();
            String e = jCryptionUtil.getPublicKeyExponent(keys);
            String n = jCryptionUtil.getPublicKeyModulus(keys);
            String md = String.valueOf(jCryptionUtil.getMaxDigits(key_size));
            // Build the JSON the plug-in expects: {"e":"...","n":"...","maxdigits":"..."}
            output.append("{\"e\":\"");
            output.append(e);
            output.append("\",\"n\":\"");
            output.append(n);
            output.append("\",\"maxdigits\":\"");
            output.append(md);
            output.append("\"}");
            response.getOutputStream().print(
                    output.toString().replaceAll("\r", "").replaceAll("\n", "")
                            .trim());
        } else {
            response.getOutputStream().print(String.valueOf(false));
        }
    }
}
2. Client Example
<title>login form</title>
<meta http-equiv="Content-type"
    content="text/html; charset=utf-8">
<script src="./js/jquery-1.4.2.min.js" type="text/javascript"></script>
<script src="./js/jquery-ui-1.8.2.custom.min.js"
    type="text/javascript"></script>
<script type="text/javascript"
    src="./js/security/jquery.jcryption-1.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
    var $statusText = $('<span id="status"></span>').hide();
    $("#status_container").append($statusText);
    // Attach jCryption to the login form; the public key is fetched from the key servlet.
    $("#lf").jCryption({
        getKeysURL: "/gsh/oauth/encryption?generateKeypair=true",
        beforeEncryption: function() {
            $statusText
                .text("Test Code")
                .show();
            return true;
        },
        encryptionFinished: function(
                encryptedString,
                objectLength) {
            $statusText
                .text(encryptedString);
            return true;
        }
    });
});
</script>
<body>
<form id="lf" action="/gsh/oauth/authorization"
    method="POST">
<fieldset><legend>login</legend>
<div>
<div>client_id:<br>
<input type="text" name="client_id" value=""></div>
<div>redirect_uri:<br>
<input type="text" name="redirect_uri" value=""></div>
</div>
<div>
<div>loginID:<br>
<input type="text" name="loginID" value=""></div>
</div>
<div>
<div>password:<br>
<input type="password" name="password" value=""></div>
</div>
<div>
<p><input type="submit" /><span id="status_container"></span></p>
</div>
</fieldset>
</form>
</body>
As you can see from the code above, the page requests /gsh/oauth/encryption?generateKeypair=true to obtain the public key, encrypts the form data with jCryption, and then POSTs it to the server side. The encryption endpoint is the EncryptionServlet above.
In the browser's developer tools, you can see that the data inside the form is encrypted:
jcryption= 95f1589502288050e08b4bd8b1a360341cf616d9054531b85a6ef85783c1723b46686ec454ee81f1304fa2370ce24c4d9c06f84d47aa4bdf99310ae12 B514db19bfcc325f3a39a584c23b1546550f4e0635c12486f2fd84dec137e1c61cfa775dfa3057a1f0154712aaba0af0cc61810282780f15bed909c24 a184e66ab39f2e
3. Decryption in the target servlet (Authorization)
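import java.io.IOException;
import java.io.PrintWriter;
import java.security.KeyPair;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.gsh.oauth.auth.util.JCryptionUtil;

public class Authorization extends HttpServlet {
    // The login form above submits with method="POST", so route POST to the same handler.
    protected void doPost(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) throws ServletException,
            IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    protected void doGet(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse) throws ServletException,
            IOException {
        PrintWriter out = httpServletResponse.getWriter();
        // Key pair stored in the session by EncryptionServlet
        KeyPair keys = (KeyPair) httpServletRequest.getSession().getAttribute("keys");
        // Must match the variable name the form posts (jCryption=...)
        String encrypted = httpServletRequest.getParameter("jCryption");
        String client_id = null;
        String redirect_uri = null;
        String loginID = null;
        String password = null;
        try {
            String data = JCryptionUtil.decrypt(encrypted, keys);
            // The key pair is used once and then removed from the session
            httpServletRequest.getSession().removeAttribute("keys");
            Map params = JCryptionUtil.parse(data, "UTF-8");
            client_id = (String) params.get("client_id");
            redirect_uri = (String) params.get("redirect_uri");
            loginID = (String) params.get("loginID");
            password = (String) params.get("password");
        } catch (Throwable e) {
            e.printStackTrace();
        }
    }
}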
The above are only fragments; for the related JS and Java code, please get it from the SVN address above. In addition, we need bcprov-jdk15-1.46.jar,
which can be obtained from http://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15/1.46
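The three steps above as one runnable Node.js simulation, added here as an illustration and not taken from the original post or from jCryption: it shows why removing the key pair from the session after decryption makes a captured jCryption value fail on a second submission. Assumptions: textbook RSA on BigInt with a constructed test key stands in for jCryption 1.1's own encoding and for JCryptionUtil, the session is a plain object, and maxdigits is omitted.

```javascript
// Added example: the page's three steps, simulated with an in-memory "session".
// Toy textbook RSA on BigInt; P and Q are constructed test primes, not a real key.
const P = 2n ** 521n - 1n, Q = 2n ** 607n - 1n, E = 65537n;

function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

function modInverse(a, m) { // extended Euclid: returns x with a*x = 1 (mod m)
  let [r0, r1, s0, s1] = [a, m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - q * r1, s1, s0 - q * s1];
  }
  return ((s0 % m) + m) % m;
}

// Step 1 (key servlet): store the pair in the session, publish e and n as hex.
function generateKeypair(session) {
  const n = P * Q;
  session.keys = { n, d: modInverse(E, (P - 1n) * (Q - 1n)) };
  return JSON.stringify({ e: E.toString(16), n: n.toString(16) });
}

// Step 2 (browser): serialize the form fields and encrypt them with the public key.
function encryptForm(publicKeyJson, fields) {
  const key = JSON.parse(publicKeyJson);
  const n = BigInt("0x" + key.n), e = BigInt("0x" + key.e);
  const plain = new URLSearchParams(fields).toString();
  const m = BigInt("0x" + Buffer.from(plain, "utf8").toString("hex"));
  if (m >= n) throw new RangeError("form data does not fit in one RSA block");
  return modPow(m, e, n).toString(16);
}

// Step 3 (target servlet): decrypt once, then drop the key from the session.
function authorize(session, jCryption) {
  if (!session.keys || !/^[0-9a-f]+$/i.test(jCryption)) return null;
  const { n, d } = session.keys;
  delete session.keys; // same effect as removeAttribute("keys") on the page
  let hex = modPow(BigInt("0x" + jCryption), d, n).toString(16);
  if (hex.length % 2) hex = "0" + hex;
  const data = Buffer.from(hex, "hex").toString("utf8");
  return Object.fromEntries(new URLSearchParams(data));
}
```

The key JSON travels over the same unprotected channel as the form, so this exchange only keeps the form values out of a passive capture; it does not authenticate the server the way HTTPS does.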
JavaScript-Side encryption Java service-side decryption