问题
On a tomcat, I have two webapplications i.e app1 and app2. I send URL from app1 in encrypted form (using below program) to app2 . I send the URL through response.sendRedirect(encryptedURL).Then at app2 I get this encrypted URL. I see there are some extra characters like +,space( ) in this encrypted URL at app2. I want the exact same URL at app2. I am not getting why these extra characters getting inserted?
Here is the URL at app1 after encryption
Rc9mgB+18chPk6nk1+gzpws6dO5/TSkcOYy8rbuVVTmjE9YjLt5w0EMpuhh+QBKzReYO34pAquf9
kmYOiwl99jo2kDCCkYHMh/+nxEgs1yrLYagsc/0p5KdYeMy1eWeUQB8KqmNlhtYysrHhOYVuunUi
dTaEKUTSWd8lPg9/wZfHdBoJgaF40aUW3FeRODVL
Here is the value of this encrypted URL at app2 when I get it with req.getParameter("encryptedURL");
Rc9mgB 18chPk6nk1 gzpws6dO5/TSkcOYy8rbuVVTmjE9YjLt5w0EMpuhh QBKzReYO34pAquf9 kmYOiwl99jo2kDCCkYHMh/ nxEgs1yrLYagsc/0p5KdYeMy1eWeUQB8KqmNlhtYysrHhOYVuunUi dTaEKUTSWd8lPg9/wZfHdBoJgaF40aUW3FeRODVL
Here is the program for encryption
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class AESEncryptionDecryptionTest {
private static final String ALGORITHM = "AES";
private static final String myEncryptionKey = "ThisIsFoundation";
private static final String UNICODE_FORMAT = "UTF8";
public static String encrypt(String valueToEnc) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance(ALGORITHM);
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encValue = c.doFinal(valueToEnc.getBytes());
String encryptedValue = new BASE64Encoder().encode(encValue);
return encryptedValue;
}
private static Key generateKey() throws Exception {
byte[] keyAsBytes;
keyAsBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);
Key key = new SecretKeySpec(keyAsBytes, ALGORITHM);
return key;
}
}
EDIT:-Looks like very close to it. here is my new code and finding
This is the parameter I am encrypting at app1
mySession=84088586B45317C3600978DF9F52A699&securityTok=44a2e4dd89ed1aad438d5e3c16ff528&myurl=https://10.205.112.83:8443
// encrypted as you suggested at app1 and sending encryptedParam as request parameter
//now getting the encryptedParam at app2 from request and decrypted as per your suggestion . As you can see below
everything is decrypted fine at app2 except my URL part(i.e =https://10.205 replaced with ½‡è˜�Àg¸l½.µbO’)
mySession=84088586B45317C3600978DF9F52A699&securityTok=44a2e4dd89ed1aad438d5e3c16ff528&myurl½‡è˜�Àg¸l½.µbO’112.83:8443
Code is
public static String encrypt(String valueToEnc) throws Exception {
Key key = generateKey();
// Key key = buildKey();
Cipher c = Cipher.getInstance(ALGORITHM);
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encValue = c.doFinal(valueToEnc.getBytes(UNICODE_FORMAT));
String encryptedValue1 = new BASE64Encoder().encode(encValue);
String encryptedValue = URLEncoder.encode(encryptedValue1);
return encryptedValue;
}
public static String decrypt(String encryptedValue) throws Exception {
Key key = generateKey();
// Key key = buildKey();
Cipher c = Cipher.getInstance(ALGORITHM);
c.init(Cipher.DECRYPT_MODE, key);
String decordedValueStr = URLDecoder.decode(encryptedValue);
byte[] decordedValue = new BASE64Decoder().decodeBuffer(decordedValueStr);
byte[] decValue = c.doFinal(decordedValue);
// String try1=new BASE64Encoder().encode(decValue);
String decryptedValue = new String(decValue);
return decryptedValue;
}
回答1:
In your encrypt method instead of:
return encryptedValue;
use this code:
return URLEncoder.encode(encryptedValue);
then on receiving side call URLDecoder#decode:
String tmpUrl = URLDecoder.decode(encryptedURL);
// call BASE64Decoder on tmpUrl
// call decrypt on return value of BASE64Decoder
回答2:
You have to use URLEncoding.
- Use URLEncoder to encode the url in app1.
- Use URLDecoder to decode the url in app2.
When server receives the redirected request, anyway it will do URL decode. So you do not have to do it. Just URLEncode in the app1 should solve your problem.
来源:https://stackoverflow.com/questions/10836902/response-sendredirect-replacing-with-space-in-encrypted-url-when-receiving-in