基本步骤:
1,用户访问网站公开的页面,输入注册邮箱,点击"发送找回密码邮件"按钮
2,服务器检测该邮箱正确性及是否有注册,如果已注册,生成一个时间戳+邮箱名的随机数加密后使用Javamail类发送邮件
3,用户登录自己的邮箱点击回调url
4,服务器检测回调url中参数时效性和正确性,如果正确则进入重置密码环节。
依赖包:
mysql-connector-java-5.0.8-bin.jar
java-mail-1.4.jar
源代码如下:
A,入口(注册/forgot到AccountHelperServlet上面)
<?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <display-name></display-name> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <servlet> <servlet-name>ForgotPwdServlet</servlet-name> <servlet-class>com.mycompany.account.AccountHelperServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>ForgotPwdServlet</servlet-name> <url-pattern>/forgot</url-pattern> </servlet-mapping> </web-app>
B,Servlet业务逻辑(主要是发送邮件)
package com.mycompany.account; import java.io.IOException; import java.io.PrintWriter; import java.sql.SQLException; import javax.servlet.RequestDispatcher; import javax.servlet.Servlet; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AccountHelperServlet extends HttpServlet implements Servlet { /** * */ private static final long serialVersionUID = -643722721720417036L; private static final int validtime = 1000 * 60 * 10; // 10 minutes @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub String action = req.getParameter("action"); // // show forget password page // if(action == null){ RequestDispatcher rd = req.getRequestDispatcher("/forgot.jsp"); rd.forward(req, resp); return; } // // show reset password page // else if(action.equals("reset")){ String token = req.getParameter("token"); try{ EncryptDecryptData des = new EncryptDecryptData(); String rawtoken = null; try{ rawtoken = des.decrypt(token); }catch(Exception ex){ resp.sendError(400,"bad request"); return; } long currTimeMillis = System.currentTimeMillis(); long prevTimeMillis = Long.parseLong(rawtoken.split(" ")[0]); if(currTimeMillis - prevTimeMillis > validtime){ resp.sendError(400,"bad request"); return; } req.setAttribute("token", token); RequestDispatcher rd = req.getRequestDispatcher("/reset.jsp"); rd.forward(req, resp); return; } catch(Exception ex){ resp.sendError(500,"internal server error"); return; } } else{ resp.sendError(400,"bad request"); return; } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String action = req.getParameter("action"); // // send mail action // if(action.equals("sendmail")){ String mailAddress = req.getParameter("mailaddress"); String ret = null; try { ret = AccountHelperUtils.SelectMail(mailAddress); } catch (SQLException e) { resp.sendError(500,"internal server error"); return; } if(ret == null){ resp.sendError(400,"bad request"); return; } String rawtoken = System.currentTimeMillis() + " " + ret; String token = ""; try{ EncryptDecryptData des = new EncryptDecryptData();// 使用默认密钥 token = des.encrypt(rawtoken); } catch(Exception ex){ resp.sendError(500,"internal server error"); return; } String genurl = "http://www.mycompany.com/forgot?action=reset&token="+token; String mailContent = "<div>" + "<div>亲爱的mycompany用户</div>" + "<div>您已经在mycompany申请了找回密码,请点击下面链接,重新设置您的密码:</div>" + "<div><a href=""+genurl+"">"+genurl+"</a></div>" + "<div>此信是由mycompany系统发出,系统不接受回信,请勿直接回复。</div>" + "<div>致礼!</div>" + "</div>"; MailHelperUtils.sendEmail("mycompany@mycompany.com", "mailpassword", new String[]{mailAddress}, "请重置您的mycompany账号密码", mailContent, null, "text/html", "UTF8"); PrintWriter out=resp.getWriter(); out.println("mail sent, please login mail to check!"); out.close(); return; } // // reset password action // else if(action.equals("resetpwd")){ String newpwd = req.getParameter("newpwd"); String token = req.getParameter("token"); try{ EncryptDecryptData des = new EncryptDecryptData(); String rawtoken = null; try{ rawtoken = des.decrypt(token); }catch(Exception ex){ resp.sendError(400,"bad request"); return; } long currTimeMillis = System.currentTimeMillis(); long prevTimeMillis = Long.parseLong(rawtoken.split(" ")[0]); if(currTimeMillis - prevTimeMillis > validtime){ resp.sendError(400,"bad request"); return; } String mailAddress = rawtoken.split(" ")[1]; boolean ret = AccountHelperUtils.UpdatePwd(mailAddress, newpwd); if(ret){ PrintWriter out=resp.getWriter(); out.println("password reset,please relogin"); out.close(); return; }else{ resp.sendError(500,"internal server error"); return; } } catch(Exception ex){ resp.sendError(500,"internal server error"); return; } } else{ resp.sendError(400,"bad request"); return; } } }
forgot.jsp
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Forgot Password</title> </head> <body> <form action="/forgot?action=sendmail" method="post"> <input type="text" name="mailaddress" /> <input type="submit" value="send mail" /> </form> </body> </html>
reset.jsp
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>find password demo</title> </head> <body> <form action="/forgot?action=resetpwd" method="post"> <input type="hidden" name="token" value="<%=(String)request.getAttribute("token")%>" /> <input type="text" name="newpwd" /> <input type="submit" value="update password" /> </form> </body> </html>
C,工具类
a,发送邮件工具(通过设置smtp发送邮件)
package com.mycompany.mail; import java.io.File; import java.util.Date; import java.util.Properties; import javax.activation.DataHandler; import javax.activation.FileDataSource; import javax.mail.Authenticator; import javax.mail.Message; import javax.mail.Multipart; import javax.mail.PasswordAuthentication; import javax.mail.Session; import javax.mail.Transport; import javax.mail.internet.InternetAddress; import javax.mail.internet.MimeBodyPart; import javax.mail.internet.MimeMessage; import javax.mail.internet.MimeMultipart; import javax.mail.internet.MimeUtility; public class MailHelperUtils { public static void sendEmail(final String sender,final String password,String[] receivers, String title, String mailContent, File[] attachements, String mimetype, String charset) { Properties props = new Properties(); //设置smtp服务器地址 //这里使用QQ邮箱,记得关闭独立密码保护功能和在邮箱中设置POP3/IMAP/SMTP服务 props.put("mail.smtp.host", "smtp.exmail.qq.com"); //需要验证 props.put("mail.smtp.auth", "true"); //创建验证器 Authenticator authenticator = new Authenticator() { protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication(sender, password); } }; //使用Properties创建Session Session session = Session.getDefaultInstance(props, authenticator); //Set the debug setting for this Session //session.setDebug(true); try { //使用session创建MIME类型的消息 MimeMessage mimeMessage = new MimeMessage(session); //设置发件人邮件 mimeMessage.setFrom(new InternetAddress(sender)); //获取所有收件人邮箱地址 InternetAddress[] receiver = new InternetAddress[receivers.length]; for (int i=0; i<receivers.length; i++) { receiver[i] = new InternetAddress(receivers[i]); } //设置收件人邮件 mimeMessage.setRecipients(Message.RecipientType.TO, receiver); //设置标题 mimeMessage.setSubject(title, charset); //设置邮件发送时间 //SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); //mimeMessage.setSentDate(format.parse("2011-12-1")); mimeMessage.setSentDate(new Date()); //创建附件 Multipart multipart = new MimeMultipart(); //创建邮件内容 MimeBodyPart body = new MimeBodyPart(); //设置邮件内容 body.setContent(mailContent, (mimetype!=null && !"".equals(mimetype) ? mimetype : "text/plain")+ ";charset="+ charset); multipart.addBodyPart(body);//发件内容 //设置附件 if(attachements!=null){ for (File attachement : attachements) { MimeBodyPart attache = new MimeBodyPart(); attache.setDataHandler(new DataHandler(new FileDataSource(attachement))); String fileName = getLastName(attachement.getName()); attache.setFileName(MimeUtility.encodeText(fileName, charset, null)); multipart.addBodyPart(attache); } } //设置邮件内容(使用Multipart方式) mimeMessage.setContent(multipart); //发送邮件 Transport.send(mimeMessage); } catch (Exception e) { e.printStackTrace(); } } private static String getLastName(String fileName) { int pos = fileName.lastIndexOf("\"); if (pos > -1) { fileName = fileName.substring(pos + 1); } pos = fileName.lastIndexOf("/"); if (pos > -1) { fileName = fileName.substring(pos + 1); } return fileName; } }
b,操作数据库工具(检测邮件地址正确性及更新密码)
package com.mycompany.mail; import java.sql.*; public class AccountHelperUtils { final private static String MysqlHost = "127.0.0.1"; final private static String TableName = "account"; final private static String DbName = "testdb"; final private static String UserName = "username"; final private static String PassWord = "password"; static Connection conn; public static String SelectMail(String mailAddress) throws SQLException{ String userMail = null; PreparedStatement ps = null; ResultSet rs = null; try{ conn = getConnection(); String sql = "select * from "+TableName+" where name = ?"; ps = conn.prepareStatement(sql); ps.setString(1, mailAddress); rs = ps.executeQuery(); while(rs.next()){ userMail = rs.getString("name"); break; } }catch(Exception ex){ return null; }finally{ if(rs!=null){rs.close();} if(ps!=null){ps.close();} if(conn!=null){conn.close();conn = null;}; } return userMail; } public static Boolean UpdatePwd(String mailAddress, String newpwd) throws SQLException{ boolean ret = true; PreparedStatement ps = null; ResultSet rs = null; try{ conn = getConnection(); String sql = "update "+TableName+" set pwd = ? where name = ?"; ps = conn.prepareStatement(sql); ps.setString(1, newpwd); ps.setString(2, mailAddress); ps.executeUpdate(); }catch(Exception ex){ ret = false; }finally{ if(rs!=null){rs.close();} if(ps!=null){ps.close();} if(conn!=null){conn.close();conn = null;}; } return ret; } private static Connection getConnection() throws Exception { Connection con = null; try { Class.forName("com.mysql.jdbc.Driver"); con = DriverManager.getConnection( "jdbc:mysql://"+MysqlHost+"/"+DbName, UserName, PassWord); } catch (Exception e) { throw e; } return con; } }
c,des加密解密工具类
package com.mycompany.mail; import java.security.Key; import javax.crypto.Cipher; /** * DES加密和解密工具,可以对字符串进行加密和解密操作 。 */ public class EncryptDecryptData { /** * 默认构造方法,使用默认密钥 */ public EncryptDecryptData() throws Exception { this(strDefaultKey); } /** * 指定密钥构造方法 * @param strKey 指定的密钥 * @throws Exception */ public EncryptDecryptData(String strKey) throws Exception { // Security.addProvider(new com.sun.crypto.provider.SunJCE()); Key key = getKey(strKey.getBytes()); encryptCipher = Cipher.getInstance("DES"); encryptCipher.init(Cipher.ENCRYPT_MODE, key); decryptCipher = Cipher.getInstance("DES"); decryptCipher.init(Cipher.DECRYPT_MODE, key); } /** 字符串默认键值 */ private static String strDefaultKey = "mysecretkey"; /** 加密工具 */ private Cipher encryptCipher = null; /** 解密工具 */ private Cipher decryptCipher = null; /** * 将byte数组转换为表示16进制值的字符串, 如:byte[]{8,18}转换为:0813, 和public static byte[] * hexStr2ByteArr(String strIn) 互为可逆的转换过程 * @param arrB 需要转换的byte数组 * @return 转换后的字符串 * @throws Exception 本方法不处理任何异常,所有异常全部抛出 */ public static String byteArr2HexStr(byte[] arrB) throws Exception { int iLen = arrB.length; // 每个byte用两个字符才能表示,所以字符串的长度是数组长度的两倍 StringBuffer sb = new StringBuffer(iLen * 2); for (int i = 0; i < iLen; i++) { int intTmp = arrB[i]; // 把负数转换为正数 while (intTmp < 0) { intTmp = intTmp + 256; } // 小于0F的数需要在前面补0 if (intTmp < 16) { sb.append("0"); } sb.append(Integer.toString(intTmp, 16)); } return sb.toString(); } /** * 将表示16进制值的字符串转换为byte数组, 和public static String byteArr2HexStr(byte[] arrB) * 互为可逆的转换过程 * @param strIn 需要转换的字符串 * @return 转换后的byte数组 */ public static byte[] hexStr2ByteArr(String strIn) throws Exception { byte[] arrB = strIn.getBytes(); int iLen = arrB.length; // 两个字符表示一个字节,所以字节数组长度是字符串长度除以2 byte[] arrOut = new byte[iLen / 2]; for (int i = 0; i < iLen; i = i + 2) { String strTmp = new String(arrB, i, 2); arrOut[i / 2] = (byte) Integer.parseInt(strTmp, 16); } return arrOut; } /** * 加密字节数组 * @param arrB 需加密的字节数组 * @return 加密后的字节数组 */ public byte[] encrypt(byte[] arrB) throws Exception { return encryptCipher.doFinal(arrB); } /** * 加密字符串 * @param strIn 需加密的字符串 * @return 加密后的字符串 */ public String encrypt(String strIn) throws Exception { return byteArr2HexStr(encrypt(strIn.getBytes())); } /** * 解密字节数组 * @param arrB 需解密的字节数组 * @return 解密后的字节数组 */ public byte[] decrypt(byte[] arrB) throws Exception { return decryptCipher.doFinal(arrB); } /** * 解密字符串 * @param strIn 需解密的字符串 * @return 解密后的字符串 */ public String decrypt(String strIn) throws Exception { return new String(decrypt(hexStr2ByteArr(strIn))); } /** * 从指定字符串生成密钥,密钥所需的字节数组长度为8位 不足8位时后面补0,超出8位只取前8位 * @param arrBTmp 构成该字符串的字节数组 * @return 生成的密钥 */ private Key getKey(byte[] arrBTmp) throws Exception { // 创建一个空的8位字节数组(默认值为0) byte[] arrB = new byte[8]; // 将原始字节数组转换为8位 for (int i = 0; i < arrBTmp.length && i < arrB.length; i++) { arrB[i] = arrBTmp[i]; } // 生成密钥 Key key = new javax.crypto.spec.SecretKeySpec(arrB, "DES"); return key; } }