How do I implement a 'Remember me' function in an Android Activity?

Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/2154438/

Time: 2020-08-20 04:44:34  Source: igfitidea

Tags: android, android-activity

Asked by UMAR

I have a username, password, and checkbox (next to the text 'remember me').

How do I implement a remember me function to keep username and password data?

Any help would be appreciated.

Answered by Dave Webb

You can save values associated with your application using Preferences.

Define some statics to store the preference file name and the keys you're going to use:

public static final String PREFS_NAME = "MyPrefsFile";
private static final String PREF_USERNAME = "username";
private static final String PREF_PASSWORD = "password";

You'd then save the username and password as follows:

getSharedPreferences(PREFS_NAME,MODE_PRIVATE)
        .edit()
        .putString(PREF_USERNAME, username)
        .putString(PREF_PASSWORD, password)
        .commit();

So you would retrieve them like this:

SharedPreferences pref = getSharedPreferences(PREFS_NAME,MODE_PRIVATE);   
String username = pref.getString(PREF_USERNAME, null);
String password = pref.getString(PREF_PASSWORD, null);

if (username == null || password == null) {
    //Prompt for username and password
}

Alternatively, if you don't want to name a preferences file you can just use the default:

SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(this);

Answered by Derek W

It should be noted that although the accepted answer successfully stores and retrieves the credentials, it stores them as plain-text.

This means that the password will be readily visible on a rooted phone. If you choose to store sensitive information such as a password in your application using SharedPreferences, then as Reto Meier (Technical Lead on Android Development Relations) states: You should at the very least encrypt the password before writing it to disk.

Here's an implementation that encrypts the user information before storing it in SharedPreferences:

/*
Copyright (C) 2012 Sveinung Kval Bakken, [email protected]

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

 */

import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;


public class SecurePreferences {

    public static class SecurePreferencesException extends RuntimeException {

        public SecurePreferencesException(Throwable e) {
            super(e);
        }

    }

    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final String KEY_TRANSFORMATION = "AES/ECB/PKCS5Padding";
    private static final String SECRET_KEY_HASH_TRANSFORMATION = "SHA-256";
    private static final String CHARSET = "UTF-8";

    private final boolean encryptKeys;
    private final Cipher writer;
    private final Cipher reader;
    private final Cipher keyWriter;
    private final SharedPreferences preferences;

    /**
     * This will initialize an instance of the SecurePreferences class
     * @param context your current context.
     * @param preferenceName name of preferences file (preferenceName.xml)
     * @param secureKey the key used for encryption, finding a good key scheme is hard. 
     * Hardcoding your key in the application is bad, but better than plaintext preferences. Having the user enter the key upon application launch is a safe(r) alternative, but annoying to the user.
     * @param encryptKeys settings this to false will only encrypt the values, 
     * true will encrypt both values and keys. Keys can contain a lot of information about 
     * the plaintext value of the value which can be used to decipher the value.
     * @throws SecurePreferencesException
     */
    public SecurePreferences(Context context, String preferenceName, String secureKey, boolean encryptKeys) throws SecurePreferencesException {
        try {
            this.writer = Cipher.getInstance(TRANSFORMATION);
            this.reader = Cipher.getInstance(TRANSFORMATION);
            this.keyWriter = Cipher.getInstance(KEY_TRANSFORMATION);

            initCiphers(secureKey);

            this.preferences = context.getSharedPreferences(preferenceName, Context.MODE_PRIVATE);

            this.encryptKeys = encryptKeys;
        }
        catch (GeneralSecurityException e) {
            throw new SecurePreferencesException(e);
        }
        catch (UnsupportedEncodingException e) {
            throw new SecurePreferencesException(e);
        }
    }

    protected void initCiphers(String secureKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException,
            InvalidAlgorithmParameterException {
        IvParameterSpec ivSpec = getIv();
        SecretKeySpec secretKey = getSecretKey(secureKey);

        writer.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
        reader.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
        keyWriter.init(Cipher.ENCRYPT_MODE, secretKey);
    }

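    // Note: the IV is a fixed, hard-coded value, so under the same key equal
    // plaintexts always produce equal ciphertexts.
    protected IvParameterSpec getIv() {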
        byte[] iv = new byte[writer.getBlockSize()];
        System.arraycopy("fldsjfodasjifudslfjdsaofshaufihadsf".getBytes(), 0, iv, 0, writer.getBlockSize());
        return new IvParameterSpec(iv);
    }

    protected SecretKeySpec getSecretKey(String key) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        byte[] keyBytes = createKeyBytes(key);
        // SecretKeySpec takes the key algorithm name ("AES"), not the cipher transformation string.
        return new SecretKeySpec(keyBytes, "AES");
    }

    protected byte[] createKeyBytes(String key) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(SECRET_KEY_HASH_TRANSFORMATION);
        md.reset();
        byte[] keyBytes = md.digest(key.getBytes(CHARSET));
        return keyBytes;
    }

    public void put(String key, String value) {
        if (value == null) {
            preferences.edit().remove(toKey(key)).commit();
        }
        else {
            putValue(toKey(key), value);
        }
    }

    public boolean containsKey(String key) {
        return preferences.contains(toKey(key));
    }

    public void removeValue(String key) {
        preferences.edit().remove(toKey(key)).commit();
    }

    public String getString(String key) throws SecurePreferencesException {
        if (preferences.contains(toKey(key))) {
            String securedEncodedValue = preferences.getString(toKey(key), "");
            return decrypt(securedEncodedValue);
        }
        return null;
    }

    public void clear() {
        preferences.edit().clear().commit();
    }

    private String toKey(String key) {
        if (encryptKeys)
            return encrypt(key, keyWriter);
        else return key;
    }

    private void putValue(String key, String value) throws SecurePreferencesException {
        String secureValueEncoded = encrypt(value, writer);

        preferences.edit().putString(key, secureValueEncoded).commit();
    }

    protected String encrypt(String value, Cipher writer) throws SecurePreferencesException {
        byte[] secureValue;
        try {
            secureValue = convert(writer, value.getBytes(CHARSET));
        }
        catch (UnsupportedEncodingException e) {
            throw new SecurePreferencesException(e);
        }
        String secureValueEncoded = Base64.encodeToString(secureValue, Base64.NO_WRAP);
        return secureValueEncoded;
    }

    protected String decrypt(String securedEncodedValue) {
        byte[] securedValue = Base64.decode(securedEncodedValue, Base64.NO_WRAP);
        byte[] value = convert(reader, securedValue);
        try {
            return new String(value, CHARSET);
        }
        catch (UnsupportedEncodingException e) {
            throw new SecurePreferencesException(e);
        }
    }

    private static byte[] convert(Cipher cipher, byte[] bs) throws SecurePreferencesException {
        try {
            return cipher.doFinal(bs);
        }
        catch (Exception e) {
            throw new SecurePreferencesException(e);
        }
    }
}

The above code is not my own, here is the GitHub Page where it is sourced.

Here's a sample usage of the code:

SecurePreferences preferences = new SecurePreferences(context, "user-info", 
                                                       "YourSecurityKey", true);
// Put (all puts are automatically committed)
preferences.put("username", "MyUser");
preferences.put("password", "MyPassword");
// Get
String username = preferences.getString("username");
String password = preferences.getString("password");

Disclaimer: If someone has physical access to the phone, they could potentially gain access to the preferences file and to the application's binary. Meaning they could decompile the application and reveal the key used in the encryption and then unencrypt the user information.

However, nothing is 100% secure. The most secure method to store any information is to not store it at all. A determined hacker can hack almost anything, but encrypting the information will make it more difficult.
