Session防止客户端表单重复提交

  这种防止表单重复提交的做法,Struts 也是这样实现的。

  先通过一个 Servlet 来生成表单,下面这个 Servlet 用于生成令牌并转发到表单页面:

    /**
     * Prepares the form page: creates a new token, stores it in the session under the
     * attribute {@code "token"} and forwards to {@code /form.jsp}, which echoes it back in a
     * hidden field.
     *
     * @param request  the current request; its session receives the token
     * @param response the current response, handed on to the forwarded page
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Each rendering of the form replaces the session's token, so only the most recently
        // served form can be submitted successfully.
        final String freshToken = TokenProcessor.newInstance().generateToken();
        request.getSession().setAttribute("token", freshToken);
        request.getRequestDispatcher("/form.jsp").forward(request, response);
    }
    /**
     * Treats a POST exactly like a GET by delegating to
     * {@link #doGet(HttpServletRequest, HttpServletResponse)}.
     *
     * @param request  the current request
     * @param response the current response
     * @throws ServletException if {@code doGet} throws it
     * @throws IOException      if {@code doGet} throws it
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }
16 }
18 /**
19  * @author du
20  * 单例,用单例减少TokenProcessor被实例的次数,已达到
21  * 返回的字符串相同机率的减少
22  */
23 class TokenProcessor{ //token : 令牌
24     
25     /*
26      * 1.构造函数私有
27      * 2.本身new一个实例
28      * 3.提供对外访问方法
29      * */
30     private TokenProcessor(){}
31     private static final TokenProcessor instance = new TokenProcessor();
32     public static TokenProcessor newInstance(){
33         return instance;
34     }
35     public String generateToken(){
36         
37         String token = System.currentTimeMillis()+new Random().nextInt()+ "";
38         //得到数据的摘要,相当于指纹,一共128位,java提供MessageDigest
39         //用的算法是md5
40         try {
41             MessageDigest md =  MessageDigest.getInstance("md5");
42             byte[] md5 = md.digest(token.getBytes());
43             
44             //base64编码:返回的是铭文字符串,键盘能看得见的字符
45             //                它是把每三个字节变成4个字节,(每个字节8位,base64每次取6位,并且在前面添加两位'00')
46             BASE64Encoder base = new BASE64Encoder();
47             return base.encode(md5);
48         } catch (NoSuchAlgorithmException e) {
49             throw new RuntimeException(e);
50         }
51     }
52 }

  jsp页面

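<%-- method="post" keeps the token out of the URL, where it would otherwise end up in browser
     history, access logs and Referer headers. The handling servlet's doPost forwards to
     doGet, so the submission is processed the same way. --%>
<form action="/day03/servlet/DoFormServlet" method="post">
    <input type="hidden" value="${token }" name="token"/>
    用户名:<input type="text" value="" name="username"/>
    <input type="submit" value="提交"/>
</form>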

  处理请求Servlet

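    /**
     * Processes the form submission once per issued token: the request is accepted only when
     * its {@code token} parameter matches the token stored in the session, and the stored
     * token is removed as part of accepting it.
     *
     * <p>A rejected request gets no response body; only a message on standard output.
     *
     * @param request  the submission; must carry the {@code token} parameter
     * @param response the current response (not written to here)
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Check and consume must be one step. With the check and removeAttribute as separate
        // unsynchronized calls, two near-simultaneous submissions (a double click) could both
        // pass the check before either removed the token.
        // NOTE(review): assumes the container hands the same session object to every request
        // of one session — confirm for the target container, or keep a dedicated lock object
        // in the session instead.
        final Object sessionLock = request.getSession();
        synchronized (sessionLock) {
            if (!checkToken(request)) {
                System.out.println("请不要重复提交!!!");
                return;
            }
            request.getSession().removeAttribute("token"); // consume the token
        }

        System.out.println("向数据库添加一条记录");
    }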
    /**
     * Tells whether the submitted token matches the one stored in the session.
     *
     * @param request the submission; its {@code token} parameter is compared with the session
     *                attribute {@code "token"}
     * @return {@code true} only when both values are present and equal
     */
    private boolean checkToken(HttpServletRequest request) {
        final String submitted = request.getParameter("token");
        final String expected = (String) request.getSession().getAttribute("token");
        // NOTE(review): String.equals is not a constant-time comparison. If the token also
        // serves as a CSRF defence, consider java.security.MessageDigest.isEqual on the bytes.
        return submitted != null && expected != null && submitted.equals(expected);
    }
    /**
     * Handles a POST by delegating to {@link #doGet(HttpServletRequest, HttpServletResponse)},
     * so both methods run the same token check.
     *
     * @param request  the submission
     * @param response the current response
     * @throws ServletException if {@code doGet} throws it
     * @throws IOException      if {@code doGet} throws it
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }

 
