Я использую весеннюю загрузку и тимелеаф в своем приложении, я пытаюсь реализовать 'token CSRF' в контроллере и файле тимелеафа для сброса пароля и защиты с помощью CSRF:
мой контроллер:
@Controller
@RequestMapping("/sdsc0004")
public class SdsPasswordRegController {
private static final Logger LOGGER = LoggerFactory.getLogger(SdsPasswordRegController.class);
@Autowired
private CustomerService customerService;
@ModelAttribute("customer")
public SdsPasswordRegForm passwordReset() {
return new SdsPasswordRegForm();
}
@GetMapping
public String getUpdatePassword(HttpServletRequest request, HttpServletResponse response,
@RequestParam("token") String token, Model model) {
Customer checkTokenUser = customerService.findByConfirmationTokenCSRF(token);
// No token found in DB
if(checkTokenUser == null) {
// modelAndView.addObject("invalidToken", "Oops! This is an invalid confirmation link.");
LOGGER.info("invalid Token");
model.addAttribute("invalidToken", "can not verify token !!");
}
else {
model.addAttribute("confirmationToken", checkTokenUser.getConfirmationToken());
LOGGER.info("invalid Token", checkTokenUser.getConfirmationToken());
}
LOGGER.info("Loading submit form successfully");
model.addAttribute("customer", customer);
return "sdsc0004";
}
@PostMapping
public String setUpdatePassword(@ModelAttribute("customer") @Validated SdsPasswordRegForm customer,
BindingResult result, Model model, @RequestParam Map requestParams) {
Customer customerDTO = new Customer();
// boolean resetOrUpdatePassword = customerService.save(customer.getNewPassword());
if (result.hasErrors()) {
LOGGER.info("Submit form: confirm submit password success !!");
return "sdsc0004";
}
else {
// customer.setSdsUserMgmtDto(customerDTO.setIsLocked(false));
customerDTO.setIsLocked(true);
customerDTO.setConfirmationToken(UUID.randomUUID().toString());
System.out.println();
System.out.println("token generate automatic: " + customerDTO.getConfirmationToken());
// customerService.save(customer.getNewPassword());
return "redirect:/sdsc0005";
}
}
}
my HTML:
<div th:if="${invalidToken}" class="alert alert-danger" role="alert" th:text=${invalidToken}></div>
<form th:if="!${invalidToken}" th:action="@{/sdsc0004}" th:object="${customer}" method="post">
<input type="hidden" name="token" th:value=${confirmationToken} >
<div style="margin-top: 2em">
<div class="row">
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
</div>
<div class="row">
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
<div class="row">
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
<div class="col-xs-8 col-sm-8 col-lg-5" style="background: #f2f2f2;">
<p>
<input type="password" style="width: 100%;" name="newPassword" th:value="*{newPassword}" placeholder="New password" />
<div class="text-danger" th:if="${#fields.hasErrors('newPassword')}" th:errors="*{newPassword}"></div>
</p>
</div>
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
</div>
<div class="row">
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
<div class="col-xs-8 col-sm-8 col-lg-5" style="background: #f2f2f2;">
<p>
<input type="password" style="width: 100%;" name="confirmNewPassword" th:value="*{confirmNewPassword}" placeholder="Confirm new password" />
<div class="text-danger" th:if="${#fields.hasErrors('confirmNewPassword')}" th:errors="*{confirmNewPassword}"></div>
</p>
</div>
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
</div>
<div class="row">
<div class="col-xs-2 col-sm-2 col-lg-3"></div>
<div class="col-xs-8 col-sm-8 col-lg-5" style="background: #f2f2f2;">
<button type="submit" class="logoff-btn" style="width: 100%; padding: 3%; margin: 0">Reset</button>
</div>
</div>
</div>
</form>
Когда я собираю, возникает ошибка следующего вида:
There was an unexpected error (type=Bad Request, status=400).
Required String parameter 'token' is not present
org.springframework.web.bind.MissingServletRequestParameterException: Required String parameter 'token' is not present
at org.springframework.web.method.annotation.RequestParamMethodArgumentResolver.handleMissingValue(RequestParamMethodArgumentResolver.java:204)
at org.springframework.web.method.annotation.AbstractNamedValueMethodArgumentResolver.resolveArgument(AbstractNamedValueMethodArgumentResolver.java:114)
at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:121)
at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:167)
Как решить проблему