java - Required String parameter 'token' is not present

Tags: java spring spring-boot thymeleaf

I am using Spring Boot and Thymeleaf in my application, and I am trying to implement a "CSRF token" in the controller and the Thymeleaf file to reset the password and protect it with CSRF:

My controller:

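import java.util.Map;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

// Customer, CustomerService and SdsPasswordRegForm are the application's own classes.
@Controller
@RequestMapping("/sdsc0004")
public class SdsPasswordRegController {

  private static final Logger LOGGER = LoggerFactory.getLogger(SdsPasswordRegController.class);

  @Autowired
  private CustomerService customerService;

  // Supplies the "customer" form object to the model for every handler in this controller.
  @ModelAttribute("customer")
  public SdsPasswordRegForm passwordReset() {
    return new SdsPasswordRegForm();
  }

  // "token" is required by default: a GET without ?token=... is rejected with 400 before this method runs.
  @GetMapping
  public String getUpdatePassword(HttpServletRequest request, HttpServletResponse response,
      @RequestParam("token") String token, Model model) {

    Customer checkTokenUser = customerService.findByConfirmationTokenCSRF(token);
    // No token found in DB
    if (checkTokenUser == null) {
      // modelAndView.addObject("invalidToken", "Oops!  This is an invalid confirmation link.");
      LOGGER.info("invalid Token");
      model.addAttribute("invalidToken", "can not verify token !!");
    }
    else {
      model.addAttribute("confirmationToken", checkTokenUser.getConfirmationToken());
      // The token value itself is kept out of the log.
      LOGGER.info("Token verified");
    }

    // The "customer" form object is already in the model via passwordReset() above.
    LOGGER.info("Loading submit form successfully");

    return "sdsc0004";
  }

  @PostMapping
  public String setUpdatePassword(@ModelAttribute("customer") @Validated SdsPasswordRegForm customer,
      BindingResult result, Model model, @RequestParam Map<String, String> requestParams) {

    Customer customerDTO = new Customer();
    // boolean resetOrUpdatePassword = customerService.save(customer.getNewPassword());

    if (result.hasErrors()) {
      // Validation failed: redisplay the form.
      LOGGER.info("Submit form: validation failed");
      return "sdsc0004";
    }
    else {
      // customer.setSdsUserMgmtDto(customerDTO.setIsLocked(false));
      customerDTO.setIsLocked(true);
      customerDTO.setConfirmationToken(UUID.randomUUID().toString());

      // Debug output: this prints the generated token to stdout.
      System.out.println();
      System.out.println("token generate automatic: " + customerDTO.getConfirmationToken());

      // customerService.save(customer.getNewPassword());

      return "redirect:/sdsc0005";
    }
  }
}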

My HTML:

<div th:if="${invalidToken}" class="alert alert-danger" role="alert" th:text="${invalidToken}"></div>

    <form th:if="!${invalidToken}" th:action="@{/sdsc0004}" th:object="${customer}" method="post">
      <input type="hidden" name="token" th:value="${confirmationToken}">

        <div style="margin-top: 2em">   
            <div class="row">                   
                <div class="col-xs-2 col-sm-2 col-lg-3"></div>
                </div> 
                <div class="row">
                    <div class="col-xs-2 col-sm-2 col-lg-3"></div>                          
                        <div class="row">
                            <div class="col-xs-2 col-sm-2 col-lg-3"></div>
                                <div class="col-xs-8 col-sm-8 col-lg-5" style="background: #f2f2f2;">
                                <p>
                                <input type="password" style="width: 100%;" name="newPassword" th:value="*{newPassword}" placeholder="New password" />
                                <div class="text-danger" th:if="${#fields.hasErrors('newPassword')}" th:errors="*{newPassword}"></div>
                                </p>
                                </div>
                            <div class="col-xs-2 col-sm-2 col-lg-3"></div>
                            </div>
                            <div class="row">
                                <div class="col-xs-2 col-sm-2 col-lg-3"></div>
                                <div class="col-xs-8 col-sm-8 col-lg-5" style="background: #f2f2f2;">
                                <p>
                                    <input type="password" style="width: 100%;" name="confirmNewPassword" th:value="*{confirmNewPassword}" placeholder="Confirm new password" />
                                    <div class="text-danger" th:if="${#fields.hasErrors('confirmNewPassword')}" th:errors="*{confirmNewPassword}"></div>
                                </p>
                            </div>
                                <div class="col-xs-2 col-sm-2 col-lg-3"></div>
                            </div> 

                <div class="row">
                    <div class="col-xs-2 col-sm-2 col-lg-3"></div>
                        <div class="col-xs-8 col-sm-8 col-lg-5" style="background: #f2f2f2;">                                       
                            <button type="submit" class="logoff-btn" style="width: 100%; padding: 3%; margin: 0">Reset</button>
                        </div>      
                    </div>                                                                                    
                </div>
        </div>
    </form>

When I build, the following error occurs:

There was an unexpected error (type=Bad Request, status=400).
Required String parameter 'token' is not present
org.springframework.web.bind.MissingServletRequestParameterException: Required String parameter 'token' is not present
        at org.springframework.web.method.annotation.RequestParamMethodArgumentResolver.handleMissingValue(RequestParamMethodArgumentResolver.java:204)
        at org.springframework.web.method.annotation.AbstractNamedValueMethodArgumentResolver.resolveArgument(AbstractNamedValueMethodArgumentResolver.java:114)
        at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:121)
        at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:167)

How do I solve this problem?

Best answer

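It looks like you are not actually adding the token as a request parameter; instead, like all the other values, it is part of the form model. You may want to check the contents of the model first.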

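Edit: For further development, it is best to debug and explore the ServletRequest. It shows the URL that was called, the request headers and the body. If you really are sending data from the client, you will find it there.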
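
An added example, not part of the original question or answer: one way the two handlers could treat the token, assuming the question's `customerService.findByConfirmationTokenCSRF` returns null for an unknown token. The GET handler makes `token` optional so a missing parameter renders the page's `invalidToken` message instead of a 400 and logs only the parameter names the answer suggests inspecting; the POST handler reads the hidden `token` field and looks it up again before acting. The class name `PasswordResetSketchController` and the handler names are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

// Added sketch; Customer, CustomerService and SdsPasswordRegForm are the question's own classes.
@Controller
@RequestMapping("/sdsc0004")
public class PasswordResetSketchController {   // hypothetical class name
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordResetSketchController.class);
    private final CustomerService customerService;
    public PasswordResetSketchController(CustomerService service) { this.customerService = service; }

    @ModelAttribute("customer")
    public SdsPasswordRegForm passwordReset() { return new SdsPasswordRegForm(); }

    @GetMapping
    public String showForm(HttpServletRequest request,
            @RequestParam(name = "token", required = false) String token, Model model) {
        // Log parameter names only: the token value is a credential and stays out of the logs.
        LOGGER.info("GET {} with parameters {}", request.getRequestURI(), request.getParameterMap().keySet());
        if (token == null || customerService.findByConfirmationTokenCSRF(token) == null) {
            model.addAttribute("invalidToken", "can not verify token !!");
        } else {
            model.addAttribute("confirmationToken", token);
        }
        return "sdsc0004";
    }

    @PostMapping
    public String resetPassword(@RequestParam("token") String token,
            @ModelAttribute("customer") @Validated SdsPasswordRegForm customer,
            BindingResult result, Model model) {
        // The hidden field is client-controlled, so look the token up again before acting on it.
        Customer owner = customerService.findByConfirmationTokenCSRF(token);
        if (owner == null) {
            model.addAttribute("invalidToken", "can not verify token !!");
            return "sdsc0004";
        }
        if (result.hasErrors()) {
            model.addAttribute("confirmationToken", token);  // keep the hidden field populated on redisplay
            return "sdsc0004";
        }
        // Saving the new password for 'owner' and invalidating the token go here; those service calls are not shown on the page.
        return "redirect:/sdsc0005";
    }
}
```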

Regarding java - Required String parameter 'token' is not present, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/62065066/
