Question

我是指OhadR的项目，他正在使用Spring安全登录并通过电子邮件设置新密码。这个链接：

Authentication-Flows: https://github.com/OhadR/Authentication-Flows

我完成了一些步骤：

1. create account
2. confirm account by email
3. login sucess
4. change or set new password (this step happened exception)

但是当我输入新密码并确认新密码时，我收到了一个例外情况：

SEVERE: Servlet.service() for servlet [action] in context with path [] threw exception [Request processing failed; nested exception is java.lang.StringIndexOutOfBoundsException: String index out of range: -1] with root cause
 java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at com.ohadR.web.crypto.service.CryptoService.getDecodedStringFromEncodedBased64String(CryptoService.java:244)
at com.ohadR.web.crypto.service.CryptoService.extractStringAndDate(CryptoService.java:107)
at com.ohadR.web.auth_flows.core.AuthenticationFlowsProcessorImpl.handleSetNewPassword(AuthenticationFlowsProcessorImpl.java:279)
at com.ohadR.web.auth_flows.web.UserActionController.setNewPassword(UserActionController.java:239)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:222)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:814)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)

这是范围代码原因异常：

@Override
public String handleSetNewPassword( 
        String encUserAndTimestamp,
        String password,
        String retypedPassword) throws AuthenticationFlowsException
{
    validateRetypedPassword(password, retypedPassword);

    ImmutablePair<Date, String> stringAndDate =
    cryptoService.extractStringAndDate( encUserAndTimestamp );

    validateExpiration(stringAndDate.getLeft());

    String email = stringAndDate.getRight();

    //after validations, make the work: validate password constraints, and update DB:

    //validate the input:
    AuthenticationPolicy settings = getAuthenticationSettings();

    validatePassword(password, settings);



    String encodedPassword = encodeString(email, password);

    // go to the DB and: (1) update the password, and (2) activate the account:
    setPassword(email, encodedPassword);

    return email;
}

将值设置为debug：（已更新）

（的更新）

调试时获取并设置值：电子邮件中链接的价值：

http://localhost:9999/rp?uts=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw

点击此链接后，它将重定向到URL（设置新密码屏幕）：

http://localhost:9999/login/setNewPassword.jsp?enc=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw

然后在debug

中的encUserAndTimestamp参数中输入值

最后，我收到了一条消息错误：

Failed to decrypt URL content http://localhost:9999/login/setNewPassword.jsp?enc=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw

看来我的网址错了!!

如何修复此异常，非常感谢！

Answer 1

你是对的;确实这是一个错误（自2014年起......）

https://github.com/OhadR/Authentication-Flows/issues/13

然而，我只是尝试重现它（忘记密码流），它工作正常！ Here is a link to YouTube，所以你可以看到我做了什么......

Authentication-Flows：java.lang.StringIndexOutOfBoundsException：字符串索引超出范围：-1

1 个答案: