java.lang.ClassCastException:[B不能强制转换为java.lang.String [英] java.lang.ClassCastException: [B cannot be cast to java.lang.String

问题描述

我用Field LoginId和Password编写了一个实体类.

I have written an entitity class with Field LoginId and Password.

Iam使用AES_ENCRYPT对passwrd进行加密并将其存储在数据库中.

Iam encrypting the passwrd and stoiring it in the db using the AES_ENCRYPT.

我只想检索已解密的密码.因此，我在OPen JPA 2.0中使用NAtiveQueryis使用AES_DECRYPT.

I want to retrive only the password which is decrypted. so, im using AES_DECRYPT using NAtiveQueryis in OPen JPA 2.0.

我写的查询是:

Query q = em.createNativeQuery("select AES_DECRYPT(l.password,?2) from loginDetails l where l.loginID = ?1");
q.setParameter(1, loginId);
q.setParameter(2, getKey());
String s = q.getSingleResult();  

但是我收到以下异常:

java.lang.ClassCastException: [B cannot be cast to java.lang.String
at com.rcs.chef.validation.UserValidation.decryptedPasswordForID(UserValidation.java:99)
at com.rcs.chef.validation.UserValidation.validateUser(UserValidation.java:81)
at com.rcs.chef.validation.UserValidation.activate(UserValidation.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:226)
at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:824)
at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:636)
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:724)
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)
at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219)
at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:147)
at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:640)
at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:331)
at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:227)

我什至尝试过:

Query q = em.createNativeQuery("select AES_DECRYPT(l.password,?2) from loginDetails l where l.loginID = ?1");
q.setParameter(1, loginId);
q.setParameter(2, getKey());
List<Object> s = q.getResultList();  

String s1 = null;
for(Object o : s){
    s1= (String) o;
}

即使在这里，我也获得与相同的异常:

Even here also im gettng the same Exception as :

java.lang.ClassCastException: [B cannot be cast to java.lang.Object

您能告诉我查询和处理请求的错误吗?

Can you tell me what is the Mistake with the query adn handling the req.

推荐答案

类似的问题: MySQL的AES_DECRYPT不会不返回String，而是返回一个字节数组，用"[B"表示.将结果转换为byte[]并从中构建您的字符串.

MySQL's AES_DECRYPT does not return a String but rather an array of bytes, denoted by "[B". Cast the result to byte[] and build your string from that.

您似乎甚至不需要解密密码；您只想validateUser，对吗? -在这种情况下，正如其他人指出的那样，应使用安全的哈希值.

It looks like you don't even need to decrypt the password; you just want to validateUser, right? - In that case, as others have noted, secure hashes should be used.

您可以轻松地使用MySQL，因为它已经提供了必要的

You can easily do this with MySQL, as it already provides the necessary functions: MD5 (considered insecure), SHA1 (pretty much standard), and SHA2 (even more secure than SHA1).

所以您的方案基本上可能像这样:

So your scheme basically may look like:

insert into loginDetails (..., passwordHashSalt, passwordHash) values ( ..., ?1, SHA1(CONCAT( ?1, ?2 )) )，其中?1设置为唯一的盐"，例如可以是用户名本身，而?2是实际密码.注意，盐也必须存储在数据库中，并且必须"对于每个用户/密码都是唯一的；因此，用户名是自然的选择.

insert into loginDetails (..., passwordHashSalt, passwordHash) values ( ..., ?1, SHA1(CONCAT( ?1, ?2 )) ), where ?1 is set to the unique 'salt', which may be for example the user name itself, and ?2 is the actual password. Note that the salt must be stored in the DB too and 'must' be unique for every user/password; thus, the user name is a natural choice for that.

然后，要验证给定的密码，您可以执行以下操作:

Then, to verify a given password you can do:

select 'OK' from loginDetails where ... and passwordHash = SHA1(CONCAT( passwordHashSalt, ?1 ))，其中?1是要验证的密码.

select 'OK' from loginDetails where ... and passwordHash = SHA1(CONCAT( passwordHashSalt, ?1 )), where ?1 is the password which is to be verified.

有关更多信息，请在Internet上搜索密码哈希"，例如，参见此处.

For more information search the internet for 'password hashing', see for example here or here.

如果需要，也可以在数据库客户端代码中完成这些哈希操作.

Those hashing operations may also be done in your database client code instead, if desired.

这篇关于java.lang.ClassCastException:[B不能强制转换为java.lang.String的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！