java_客户端防表单重复提交和服务器端session防表单重复提交

用户输入FormServlet链接

FormServlet -> form.jsp -> DoFormServlet

FormServlet:产生token,放在session中

form.jsp:通过hidden隐藏域拿到token数据,并随表单一同提交到DoFormServlet

DoFormServlet:检测是否重复提交表单;校验通过后从session中移除token,因此同一个token只能成功提交一次

 

//FormServlet

//产生表单
/**
 * First step of the duplicate-submission guard: issues a form token, stores it
 * in the session and renders the form.
 *
 * <p>The token is kept under the session attribute {@code "token"}. form.jsp
 * reads that value into a hidden field, and DoFormServlet compares the
 * submitted copy with the session copy.
 */
public class FormServlet extends HttpServlet {

	/**
	 * Handles POST exactly like GET: a new token is issued and the form is shown.
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		doGet(request, response);
	}

	/**
	 * Generates a token, saves it in the session and forwards to /form.jsp.
	 *
	 * @param request  incoming request; its session receives the token
	 * @param response response handed on to the JSP
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails on I/O
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Every rendering of the form replaces the session's single "token"
		// attribute, so only the most recently rendered form can pass the check
		// in DoFormServlet (a copy opened earlier in another tab is rejected).
		String formToken = TokenProcessor.getInstance().generateToken();
		request.getSession().setAttribute("token", formToken);

		// The JSP reads the value back with ${token}.
		request.getRequestDispatcher("/form.jsp").forward(request, response);
	}

}

//随机数发生器
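/**
 * Singleton that issues the one-time form tokens stored in the session.
 *
 * <p>A token is 16 bytes from {@link java.security.SecureRandom}, Base64
 * encoded (24 characters, the same length as a Base64-encoded MD5 digest).
 * The JDK classes are referenced by fully qualified name so that this class
 * needs no additional import lines.
 */
class TokenProcessor{
	private static final TokenProcessor instance = new TokenProcessor();

	// SecureRandom is safe to share between request threads and supplies
	// unpredictable bytes. A value built from the clock and java.util.Random
	// can be guessed, and hashing such a value does not make it any less
	// guessable.
	private final java.security.SecureRandom random = new java.security.SecureRandom();

	private TokenProcessor(){}

	/**
	 * @return the single shared instance
	 */
	public static TokenProcessor getInstance(){
		return instance;
	}

	/**
	 * Creates a new random token.
	 *
	 * @return 24-character Base64 string encoding 16 random bytes; the standard
	 *         Base64 alphabet contains no HTML markup characters, and the value
	 *         is case-sensitive, so it must be compared exactly
	 */
	public String generateToken(){
		byte[] raw = new byte[16];
		random.nextBytes(raw);

		// java.util.Base64 is the supported replacement for the JDK-internal
		// sun.misc.BASE64Encoder, which current JDKs no longer ship.
		return java.util.Base64.getEncoder().encodeToString(raw);
	}
}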


//form.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Form page of the duplicate-submission guard. FormServlet forwards here
     after storing a token in the session under the attribute "token". --%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
	<title>My jsp</title>

  </head>
  
  <body>
     <%-- NOTE(review): the action hard-codes the /NANA context path; presumably
          this is the deployed application name. Verify it against the deployment. --%>
     <form action="/NANA/servlet/DoFormServlet" method="post">
     <%-- The hidden field carries the session token back to DoFormServlet, which
          compares it with the copy kept in the session.
          NOTE(review): ${token} is written without HTML escaping. That is safe
          only while the value is generated on the server from an alphabet
          without markup characters (Base64 in TokenProcessor). Escape it if the
          token source ever changes. --%>
     <input type="hidden" name="token" value="${token}">
     用户名:<input type="text" name="username"><br/>
     <input type="submit" value="提交">
     </form>
  </body>
</html>


 

DoFormServlet:

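/**
 * Receives the form submission and rejects repeats.
 *
 * <p>A submission is accepted only when the {@code token} request parameter
 * matches the {@code "token"} session attribute exactly. The session copy is
 * removed in the same critical section as the check, so one token can be
 * accepted at most once.
 */
public class DoFormServlet extends HttpServlet {


	/**
	 * Validates and consumes the form token, then performs the submission.
	 *
	 * <p>NOTE(review): doPost delegates here, so a GET carrying {@code ?token=...}
	 * is processed as well; a token sent in the URL can end up in access logs
	 * and Referer headers. Consider accepting POST only.
	 *
	 * @param request  request carrying the {@code token} parameter
	 * @param response not written to by this demo
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		boolean accepted;

		// Check and removal must form one atomic step. If they are separate, two
		// requests sent at the same moment with the same token can both pass
		// the check before either one removes the token.
		// NOTE(review): locking on the session object relies on the container
		// handing the same HttpSession instance to concurrent requests of one
		// session, which the servlet specification does not guarantee.
		// Clustered deployments need an atomic check-and-remove in the shared
		// session store.
		synchronized (request.getSession()) {
			accepted = isTokenValid(request);
			if (accepted) {
				request.getSession().removeAttribute("token");
			}
		}

		if (!accepted) {
			System.out.println("submitted");
			return;
		}

		System.out.println("success,insert user");

	}


	/**
	 * Compares the submitted token with the one stored in the session.
	 *
	 * @param request request to inspect
	 * @return {@code true} only when both tokens are present and identical
	 */
	private boolean isTokenValid(HttpServletRequest request) {
		String clientToken = request.getParameter("token");
		if (clientToken == null) {
			return false;
		}

		Object stored = request.getSession().getAttribute("token");
		if (!(stored instanceof String)) {
			// Covers both a missing attribute and an unexpected value type.
			return false;
		}

		// The token is Base64, which is case-sensitive, so a case-insensitive
		// comparison would accept values that were never issued.
		// MessageDigest.isEqual compares the bytes exactly and in constant time.
		return java.security.MessageDigest.isEqual(
				clientToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
				((String) stored).getBytes(java.nio.charset.StandardCharsets.UTF_8));
	}


	/**
	 * Handles the POST sent by form.jsp by delegating to {@link #doGet}.
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request,response);
	}

}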


 

 

 

 

 

 

 
