JSP页面url不将电子邮件地址解析为参数

时间:2014-11-21 13:59:25

标签: jsp encryption

我正在开发一个Spring-MVC应用程序,我正在研究密码重置功能。发送给用户的令牌由3部分组成,Email-id:timestamp:secretkey ..例如,当我尝试测试密码重置链接并粘贴我在电子邮件中收到的URL时(如下所示)。我在一个字段中复制了token参数,忽略了什么.com?为什么会这样?任何解决方案。

重置链接网址:

localhost:8085/newpassword/myemail@gmail.com:1416404954901:uXRjA7FAqe0bO_zdwse_4PdVzjQdT1RjJ3QYG5PEODg

JSP页面将其保存为:

localhost:8085/newpassword/myemail@gmail

resetpassword.jsp页面:

<c:url var="addAction" value="/newpassword/{token}" ></c:url>
<form:form action="${addAction}" commandName="person">
    <table>
        <tr>
            <td>
                <form:label path="username">
                    <spring:message text="username"/>
                </form:label>
            </td>
            <td>
                <form:input path="username"  />
            </td>
        </tr>

        <tr>
            <td>
                <form:label path="token">
                    <spring:message text="token"/>
                </form:label>
            </td>
            <td>
                <form:input path="token"  />
            </td>
        </tr>


        <tr>
            <td>
                <form:label path="newpassword">
                    <spring:message text="newpassword"/>
                </form:label>
            </td>
            <td>
                <form:input path="newpassword"  />
            </td>
        </tr>
        <tr>
            <td>
                <input name="submit" type="submit" value="Submit" />
            </td>
        </tr>
    </table>
</form:form>
</body>
</html>

控制器代码:

 @RequestMapping(value = "/resetpassword")
    public String newPasswordPage(Model model){
        model.addAttribute("person", new Person());
        return "resetpassword";
    }
   @RequestMapping(value = "/newpassword/{token}")
   public String changePasswordFunction(@ModelAttribute("person") Person person, Model model, @PathVariable("token") String token){
        if(person.getPassword() == null){
            return "resetpassword";
        } else {
            personService.changePassword(token,person.getUsername(),person.getPassword());
            System.out.println("User and password is :"+person.getUsername()+" and password "+person.getPassword());
            model.addAttribute("person",person);
            return "redirect:/";
        }
    }

令牌创建机制:

 @Override
    public void createToken(String username){
        long timestamp = System.currentTimeMillis() - 1_000 * 60 * 60 * 48;
        StringBuilder sb = new StringBuilder();
        sb.append(generateTokenStringPublicPart(username, timestamp));
        sb.append(TOKEN_SEPARATOR);
        try {
            sb.append(computeSignature(username, timestamp, signKey));
        } 
      // The above method returns the String as :
return Base64.encodeBase64URLSafeString(hmac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));

我将该链接传递给该人的电子邮件ID。有解决方案吗我尝试使用MD5,它完美地作为它的整数。

1 个答案:

答案 0 :(得分:1)

尝试通过URL encoder传递令牌。它应该正确地转义所有有问题的字符,以便编码的令牌可以作为URL的一部分传递。