一尘不染

JSP页面URL未将电子邮件地址解析为参数

jsp

我正在使用Spring-
MVC应用程序,并且正在使用密码重置功能。发送给用户的令牌分为三个部分,电子邮件ID:时间戳:密钥。。例如,当我尝试测试密码重置链接并将其粘贴到电子邮件中时,获得了URL(如下所示)。我在一个字段中复制了token参数,.com会被忽略吗?为什么会这样呢?任何解决方案。

重置链接网址:

localhost:8085/newpassword/myemail@gmail.com:1416404954901:uXRjA7FAqe0bO_zdwse_4PdVzjQdT1RjJ3QYG5PEODg

JSP页面将其另存为:

localhost:8085/newpassword/myemail@gmail

resetpassword.jsp页面:

<c:url var="addAction" value="/newpassword/{token}" ></c:url>
<form:form action="${addAction}" commandName="person">
    <table>
        <tr>
            <td>
                <form:label path="username">
                    <spring:message text="username"/>
                </form:label>
            </td>
            <td>
                <form:input path="username"  />
            </td>
        </tr>

        <tr>
            <td>
                <form:label path="token">
                    <spring:message text="token"/>
                </form:label>
            </td>
            <td>
                <form:input path="token"  />
            </td>
        </tr>


        <tr>
            <td>
                <form:label path="newpassword">
                    <spring:message text="newpassword"/>
                </form:label>
            </td>
            <td>
                <form:input path="newpassword"  />
            </td>
        </tr>
        <tr>
            <td>
                <input name="submit" type="submit" value="Submit" />
            </td>
        </tr>
    </table>
</form:form>
</body>
</html>

控制器代码:

 @RequestMapping(value = "/resetpassword")
    public String newPasswordPage(Model model){
        model.addAttribute("person", new Person());
        return "resetpassword";
    }
   @RequestMapping(value = "/newpassword/{token}")
   public String changePasswordFunction(@ModelAttribute("person") Person person, Model model, @PathVariable("token") String token){
        if(person.getPassword() == null){
            return "resetpassword";
        } else {
            personService.changePassword(token,person.getUsername(),person.getPassword());
            System.out.println("User and password is :"+person.getUsername()+" and password "+person.getPassword());
            model.addAttribute("person",person);
            return "redirect:/";
        }
    }

代币创建机制:

 @Override
    public void createToken(String username){
        long timestamp = System.currentTimeMillis() - 1_000 * 60 * 60 * 48;
        StringBuilder sb = new StringBuilder();
        sb.append(generateTokenStringPublicPart(username, timestamp));
        sb.append(TOKEN_SEPARATOR);
        try {
            sb.append(computeSignature(username, timestamp, signKey));
        } 
      // The above method returns the String as :
return Base64.encodeBase64URLSafeString(hmac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));

我将该链接传递给该人的电子邮件ID。有什么办法吗?我尝试使用MD5,因为它只是整数,所以效果很好。


阅读 232

收藏
2020-06-10

共1个答案

一尘不染

尝试通过URL编码器传递令牌。它应该正确地转义所有有问题的字符,以便可以将编码的令牌作为URL的一部分进行传递。

2020-06-10