我们都知道,几乎所有的数据库都有存储过程,但在实际开发中,它有什么用途了?下面使用Oracle的存储过程,采用Oracle自带的dbms_obfuscation_toolkit.desencrypt对数据进行加密,需要注意的是密码的长度必须为8的倍数,然后使用Java来调用这个存储过程。
具体的实现实例:
一、创建一个加密和解密的存储过程
第一步 创建表admin
create table admin(
ADMIN_ID number(10) primary key,
ADMIN_NAME varchar2(40) unique,
ADMIN_PWD varchar2(16) unique,
ADMIN_REALNAME varchar2(60),
ADMIN_EMAIL varchar2(60)
);
create sequence admin_seq;
第二步 插入数据
insert into admin values(admin_seq.nextval,'afeng','afeng1232323we23','陈征峰','[email protected]');
select * from admin;
第三步 创建一个存储过程对ADMIN_PWD进行加密
CREATE OR REPLACE PROCEDURE Encrypt_admin(adminNAME varchar2)
is
keyString VARCHAR2(8) := 'czfafeng';
encryptedString VARCHAR2(2048);
pwdString VARCHAR2(2048);
BEGIN
select ADMIN_PWD into pwdString
from admin
where ADMIN_NAME = adminNAME;
dbms_obfuscation_toolkit.desencrypt(
input_string => pwdString,
key_string => keyString,
encrypted_string => encryptedString);
update admin set ADMIN_PWD = encryptedString
where ADMIN_NAME = adminNAME;
commit;
END;
第四步 调用加密过程
begin
Encrypt_admin('afeng');
end;
第五步 创建一个存储过程对ADMIN_PWD进行解密后写入数据库
CREATE OR REPLACE PROCEDURE decrypt_admin(adminNAME varchar2)
is
keyString VARCHAR2(8) := 'czfafeng';
decryptedString VARCHAR2(2048);
pwdString VARCHAR2(2048);
BEGIN
select ADMIN_PWD into pwdString
from admin
where ADMIN_NAME = adminNAME;
dbms_obfuscation_toolkit.DESDecrypt(
input_string => pwdString,
key_string => keyString,
decrypted_string => decryptedString);
update admin set ADMIN_PWD = decryptedString
where ADMIN_NAME = adminNAME;
commit;
END;
第六步 调用解密过程
begin
decrypt_admin('afeng');
end;
第七步 创建一个存储过程对ADMIN_PWD进行解密,并输出
CREATE OR REPLACE PROCEDURE decrypt_admin(adminNAME varchar2,decrypt_pwd out varchar2)
is
keyString VARCHAR2(8) := 'czfafeng';
decryptedString VARCHAR2(2048);
pwdString VARCHAR2(2048);
BEGIN
select ADMIN_PWD into pwdString
from admin
where ADMIN_NAME = adminNAME;
dbms_obfuscation_toolkit.DESDecrypt(
input_string => pwdString,
key_string => keyString,
decrypted_string => decryptedString);
decrypt_pwd:=decryptedString;
EXCEPTION
WHEN Others
-- NO_DATA_FOUND
THEN
decrypt_pwd:=trunc(DBMS_RANDOM.VALUE(1,200000)) ;
END;
第八步 调用解密过程
declare
pwd varchar2(40);
begin
decrypt_admin('afeng1',pwd);
dbms_output.put_line(pwd);
end;
二、Java调用存储过程
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Scanner;
import oracle.jdbc.OracleCallableStatement;
public class Produres_DES {
public static Connection conn;
public String sql;
static{
try {
Class.forName("oracle.jdbc.driver.OracleDriver");
conn=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:orcl","system","orcl");
} catch (ClassNotFoundException e) {
// TODO Auto-generated catchblock
e.printStackTrace();
} catch (SQLException e) {
// TODO Auto-generated catchblock
e.printStackTrace();
}
}
public void desDecrypt(){
@SuppressWarnings("resource")
Scanner input=new Scanner(System.in);
System.out.println("请输入后台管理员的用户名:");
String username=input.next();
System.out.println("请输入后台管理员的密码:");
String userpwd=input.next();
String sql2="{call decrypt_admin(?,?)}";
//生成一个执行过程的语句对象
OracleCallableStatement ocs;
try {
ocs = (OracleCallableStatement)conn.prepareCall(sql2);
ocs.setString(1, username);
ocs.registerOutParameter(2,java.sql.Types.VARCHAR);
ocs.execute();
String pwd=ocs.getString(2);
if(pwd.equals(userpwd)){
System.out.println("登录成功!");
}else{
System.out.println("登录失败");
}
ocs.close();
} catch (SQLException e) {
// TODO Auto-generated catchblock
e.printStackTrace();
}
}
public void desEncrypt(){
String sql="insert into admin values(admin_seq.nextval,?,?,?,?)";
@SuppressWarnings("resource")
Scanner input=new Scanner(System.in);
System.out.println("请输入后台管理员用户名:");
String username=input.next();
System.out.println("请输入后台管理员密码(长度为8的倍数):");
String pwd=input.next();
System.out.println("请输入后台管理员的真实姓名:");
String name=input.next();
System.out.println("请输入后台管理员的邮箱:");
String email=input.next();
try {
PreparedStatement pstmt=conn.prepareStatement(sql);
pstmt.setString(1, username);
pstmt.setString(2, pwd);
pstmt.setString(3, name);
pstmt.setString(4, email);
pstmt.executeUpdate();
String sql2="{call Encrypt_admin(?)}";
//生成一个执行过程的语句对象
OracleCallableStatement ocs=(OracleCallableStatement)conn.prepareCall(sql2);
ocs.setString(1, username);
ocs.execute();
ocs.close();
System.out.println("插入数据和加密成功!");
} catch (SQLException e) {
// TODO Auto-generated catchblock
e.printStackTrace();
}
}
public static void main(String[] args) {
Produres_DES des=new Produres_DES();
//des.desEncrypt();
des.desDecrypt();
}
}