我正在开发一个Spring-MVC应用程序,我正在研究密码重置功能。发送给用户的令牌由3部分组成,Email-id:timestamp:secretkey ..例如,当我尝试测试密码重置链接并粘贴我在电子邮件中收到的URL时(如下所示)。我在一个字段中复制了token参数,忽略了什么.com?为什么会这样?任何解决方案。
重置链接网址:
localhost:8085/newpassword/myemail@gmail.com:1416404954901:uXRjA7FAqe0bO_zdwse_4PdVzjQdT1RjJ3QYG5PEODg
JSP页面将其保存为:
localhost:8085/newpassword/myemail@gmail
resetpassword.jsp页面:
<c:url var="addAction" value="/newpassword/{token}" ></c:url>
<form:form action="${addAction}" commandName="person">
<table>
<tr>
<td>
<form:label path="username">
<spring:message text="username"/>
</form:label>
</td>
<td>
<form:input path="username" />
</td>
</tr>
<tr>
<td>
<form:label path="token">
<spring:message text="token"/>
</form:label>
</td>
<td>
<form:input path="token" />
</td>
</tr>
<tr>
<td>
<form:label path="newpassword">
<spring:message text="newpassword"/>
</form:label>
</td>
<td>
<form:input path="newpassword" />
</td>
</tr>
<tr>
<td>
<input name="submit" type="submit" value="Submit" />
</td>
</tr>
</table>
</form:form>
</body>
</html>
控制器代码:
@RequestMapping(value = "/resetpassword")
public String newPasswordPage(Model model){
model.addAttribute("person", new Person());
return "resetpassword";
}
@RequestMapping(value = "/newpassword/{token}")
public String changePasswordFunction(@ModelAttribute("person") Person person, Model model, @PathVariable("token") String token){
if(person.getPassword() == null){
return "resetpassword";
} else {
personService.changePassword(token,person.getUsername(),person.getPassword());
System.out.println("User and password is :"+person.getUsername()+" and password "+person.getPassword());
model.addAttribute("person",person);
return "redirect:/";
}
}
令牌创建机制:
@Override
public void createToken(String username){
long timestamp = System.currentTimeMillis() - 1_000 * 60 * 60 * 48;
StringBuilder sb = new StringBuilder();
sb.append(generateTokenStringPublicPart(username, timestamp));
sb.append(TOKEN_SEPARATOR);
try {
sb.append(computeSignature(username, timestamp, signKey));
}
// The above method returns the String as :
return Base64.encodeBase64URLSafeString(hmac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));
我将该链接传递给该人的电子邮件ID。有解决方案吗我尝试使用MD5,它完美地作为它的整数。