0
我正在研究Spring-MVC應用程序,並且我正在研究密碼重置功能。發送給用戶的令牌被創建爲3部分,Email-id:timestamp:secretkey。例如,當我嘗試測試密碼重置鏈接並粘貼我在電子郵件中收到的URL(在下面給出)時。我在一個字段中複製了token參數,什麼.com被忽略?爲什麼會發生?任何解決方案JSP頁面URL不解析電子郵件地址作爲參數
重置鏈接地址:
localhost:8085/newpassword/[email protected]:1416404954901:uXRjA7FAqe0bO_zdwse_4PdVzjQdT1RjJ3QYG5PEODg
JSP頁面將其保存爲:
localhost:8085/newpassword/[email protected]
resetpassword.jsp頁:
<c:url var="addAction" value="/newpassword/{token}" ></c:url>
<form:form action="${addAction}" commandName="person">
<table>
<tr>
<td>
<form:label path="username">
<spring:message text="username"/>
</form:label>
</td>
<td>
<form:input path="username" />
</td>
</tr>
<tr>
<td>
<form:label path="token">
<spring:message text="token"/>
</form:label>
</td>
<td>
<form:input path="token" />
</td>
</tr>
<tr>
<td>
<form:label path="newpassword">
<spring:message text="newpassword"/>
</form:label>
</td>
<td>
<form:input path="newpassword" />
</td>
</tr>
<tr>
<td>
<input name="submit" type="submit" value="Submit" />
</td>
</tr>
</table>
</form:form>
</body>
</html>
控制器代碼:
@RequestMapping(value = "/resetpassword")
public String newPasswordPage(Model model){
model.addAttribute("person", new Person());
return "resetpassword";
}
@RequestMapping(value = "/newpassword/{token}")
public String changePasswordFunction(@ModelAttribute("person") Person person, Model model, @PathVariable("token") String token){
if(person.getPassword() == null){
return "resetpassword";
} else {
personService.changePassword(token,person.getUsername(),person.getPassword());
System.out.println("User and password is :"+person.getUsername()+" and password "+person.getPassword());
model.addAttribute("person",person);
return "redirect:/";
}
}
令牌創建機制:
@Override
public void createToken(String username){
long timestamp = System.currentTimeMillis() - 1_000 * 60 * 60 * 48;
StringBuilder sb = new StringBuilder();
sb.append(generateTokenStringPublicPart(username, timestamp));
sb.append(TOKEN_SEPARATOR);
try {
sb.append(computeSignature(username, timestamp, signKey));
}
// The above method returns the String as :
return Base64.encodeBase64URLSafeString(hmac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));
我通過該鏈接的人的電子郵件ID。任何解決方案我嘗試使用MD5,它完美的作爲它的正義整數。
謝謝您的回答,/和所有被刪除,但是從.COM什麼是不可見的,當用戶打開鏈接:本地主機:8085/newpassword/[email protected]mail.com:1416411570349:d7v6_sxF9VfCMqBnvBmje6HiDdbYN_R1a4lXAyluEoQ,然後令牌值只是akshay @ gmail ...任何想法在字符串「.com」有什麼問題 – 2014-11-21 15:41:43
我剛剛通過添加用戶作爲akshay @ gmail進行檢查,令牌獲得完美傳遞。仍然有問題.com – 2014-11-21 15:44:51
您是否嘗試過使用URLEncoder來包裝令牌?因爲它會將'@'編碼爲'%40',然後它應該可以工作。 – 2014-11-21 15:48:46