JSP security
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Anonymous
Posted On:   Saturday, February 28, 2004 08:17 AM

Hi everybody,i need a help from your self.I have a trouble with my JSP page.I need a security for my JSP page and Data.Is there any mechanism to encrypt and decrypt JSP page and data from server and client respectively.I need it immediately.

Re: JSP security

Posted By:   neal_ravindran  
Posted On:   Sunday, February 29, 2004 10:55 AM

Mohammed, are you using the MVC pattern (using Struts)
If not you could still route it via a servlet and get the encryption and decryption using "symmetric keys".

To encrypt make this a static function in some class.

public static String encrypt(String theKey,String thingToBeEncrypted) throws Exception
{

String encryptedKey="";

DesEncrypter encrypter = new DesEncrypter(theKey);

encryptedKey=encrypter.encrypt(licenseNumber);

return encryptedKey;

}


To decrypt make this a static function in same class where you placed the encrypt function above:-

public static String decrypt(String theKey,String encryptedKey)
{


String decryptedKey="";

DesEncrypter decrypter = new DesEncrypter(theKey);

decryptedKey = decrypter.decrypt(encryptedKey);

return decryptedKey;

}



Well here is the DesEncrypter.java file you will need to use the above.


import javax.crypto.*;

import javax.crypto.spec.*;

import java.security.spec.AlgorithmParameterSpec;

import java.security.spec.KeySpec;

import java.io.*;


public class DesEncrypter {

Cipher ecipher;

Cipher dcipher;


// 8-byte Salt

byte[] salt = {

(byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32,

(byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03
};


// Iteration count

int iterationCount = 4;


public DesEncrypter(String passPhrase) {

try {

// Create the key

KeySpec keySpec = new PBEKeySpec
(passPhrase.toCharArray(), salt, iterationCount);

SecretKey key =
SecretKeyFactory.getInstance(
"PBEWithMD5AndDES").generateSecret(keySpec);

ecipher = Cipher.getInstance(key.getAlgorithm());

dcipher = Cipher.getInstance(key.getAlgorithm());


// Prepare the parameter to the ciphers

AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);


// Create the ciphers

ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);

dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);

}
catch (java.security.InvalidAlgorithmParameterException e) {

}
catch (java.security.spec.InvalidKeySpecException e) {

}
catch (javax.crypto.NoSuchPaddingException e) {

}
catch (java.security.NoSuchAlgorithmException e) {

}
catch (java.security.InvalidKeyException e) {

}

}



public String encrypt(String str) {

try {

// Encode the string into bytes using utf-8

byte[] utf8 = str.getBytes("UTF8");


// Encrypt

byte[] enc = ecipher.doFinal(utf8);


// Encode bytes to base64 to get a string

return new sun.misc.BASE64Encoder().encode(enc);

}
catch (javax.crypto.BadPaddingException e) {

}
catch (IllegalBlockSizeException e) {

}
catch (UnsupportedEncodingException e) {

}
catch (java.io.IOException e) {

}

return null;

}


public String decrypt(String str) {

try {

// Decode base64 to get bytes

byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);


// Decrypt

byte[] utf8 = dcipher.doFinal(dec);


// Decode using utf-8

return new String(utf8, "UTF8");

}
catch (javax.crypto.BadPaddingException e) {

}
catch (IllegalBlockSizeException e) {

}
catch (UnsupportedEncodingException e) {

}
catch (java.io.IOException e) {

}

return null;

}


}

About | Sitemap | Contact