身份验证流:java.lang.StringIndexOutOfBoundsException:字符串索引超出范围:-1
Authentication-Flows: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
我指的是 OhadR 的项目,他正在使用 Spring 安全登录并通过电子邮件设置新密码。
这个link:
Authentication-Flows: https://github.com/OhadR/Authentication-Flows
我已经完成了一些步骤:
1. create account
2. confirm account by email
3. login sucess
4. change or set new password (this step happened exception)
但是当我输入新密码并确认新密码时,我收到如下异常:
SEVERE: Servlet.service() for servlet [action] in context with path [] threw exception [Request processing failed; nested exception is java.lang.StringIndexOutOfBoundsException: String index out of range: -1] with root cause
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at com.ohadR.web.crypto.service.CryptoService.getDecodedStringFromEncodedBased64String(CryptoService.java:244)
at com.ohadR.web.crypto.service.CryptoService.extractStringAndDate(CryptoService.java:107)
at com.ohadR.web.auth_flows.core.AuthenticationFlowsProcessorImpl.handleSetNewPassword(AuthenticationFlowsProcessorImpl.java:279)
at com.ohadR.web.auth_flows.web.UserActionController.setNewPassword(UserActionController.java:239)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:222)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:814)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
这是导致异常的范围代码:
@Override
public String handleSetNewPassword(
String encUserAndTimestamp,
String password,
String retypedPassword) throws AuthenticationFlowsException
{
validateRetypedPassword(password, retypedPassword);
ImmutablePair<Date, String> stringAndDate =
cryptoService.extractStringAndDate( encUserAndTimestamp );
validateExpiration(stringAndDate.getLeft());
String email = stringAndDate.getRight();
//after validations, make the work: validate password constraints, and update DB:
//validate the input:
AuthenticationPolicy settings = getAuthenticationSettings();
validatePassword(password, settings);
String encodedPassword = encodeString(email, password);
// go to the DB and: (1) update the password, and (2) activate the account:
setPassword(email, encodedPassword);
return email;
}
设置要调试的值:(已更新)
(已更新)
调试时获取和设置值:
电子邮件中 link 的值:
http://localhost:9999/rp?uts=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw
单击此 link 时,它将重定向到 URL(设置新密码屏幕):
http://localhost:9999/login/setNewPassword.jsp?enc=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw
然后在调试的encUserAndTimestamp参数中输入值
最后,我收到一条消息错误:
Failed to decrypt URL content http://localhost:9999/login/setNewPassword.jsp?enc=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw
看来我的URL不对!!
如何解决这个异常,非常感谢!
你是对的;这确实是一个错误(自 2014 年...)
https://github.com/OhadR/Authentication-Flows/issues/13
不过,我只是尝试重现它(忘记密码流程),而且效果很好! Here is a link to YouTube,这样你就可以清楚地看到我做了什么...
我指的是 OhadR 的项目,他正在使用 Spring 安全登录并通过电子邮件设置新密码。 这个link:
Authentication-Flows: https://github.com/OhadR/Authentication-Flows
我已经完成了一些步骤:
1. create account
2. confirm account by email
3. login sucess
4. change or set new password (this step happened exception)
但是当我输入新密码并确认新密码时,我收到如下异常:
SEVERE: Servlet.service() for servlet [action] in context with path [] threw exception [Request processing failed; nested exception is java.lang.StringIndexOutOfBoundsException: String index out of range: -1] with root cause
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at com.ohadR.web.crypto.service.CryptoService.getDecodedStringFromEncodedBased64String(CryptoService.java:244)
at com.ohadR.web.crypto.service.CryptoService.extractStringAndDate(CryptoService.java:107)
at com.ohadR.web.auth_flows.core.AuthenticationFlowsProcessorImpl.handleSetNewPassword(AuthenticationFlowsProcessorImpl.java:279)
at com.ohadR.web.auth_flows.web.UserActionController.setNewPassword(UserActionController.java:239)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:222)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:814)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
这是导致异常的范围代码:
@Override
public String handleSetNewPassword(
String encUserAndTimestamp,
String password,
String retypedPassword) throws AuthenticationFlowsException
{
validateRetypedPassword(password, retypedPassword);
ImmutablePair<Date, String> stringAndDate =
cryptoService.extractStringAndDate( encUserAndTimestamp );
validateExpiration(stringAndDate.getLeft());
String email = stringAndDate.getRight();
//after validations, make the work: validate password constraints, and update DB:
//validate the input:
AuthenticationPolicy settings = getAuthenticationSettings();
validatePassword(password, settings);
String encodedPassword = encodeString(email, password);
// go to the DB and: (1) update the password, and (2) activate the account:
setPassword(email, encodedPassword);
return email;
}
设置要调试的值:(已更新)
(已更新)
调试时获取和设置值: 电子邮件中 link 的值:
http://localhost:9999/rp?uts=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw
单击此 link 时,它将重定向到 URL(设置新密码屏幕):
http://localhost:9999/login/setNewPassword.jsp?enc=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw
然后在调试的encUserAndTimestamp参数中输入值
最后,我收到一条消息错误:
Failed to decrypt URL content http://localhost:9999/login/setNewPassword.jsp?enc=ap0wGvPL56FiYbMshHLe5Yh5PWEkz/kWEbJA32uJPSxw
看来我的URL不对!!
如何解决这个异常,非常感谢!
你是对的;这确实是一个错误(自 2014 年...)
https://github.com/OhadR/Authentication-Flows/issues/13
不过,我只是尝试重现它(忘记密码流程),而且效果很好! Here is a link to YouTube,这样你就可以清楚地看到我做了什么...