Session防止客户端表单重复提交
这种防止表单重复提交的做法,Struts 也是这样实现的。
通过一个 Servlet 来生成表单,下面这个 Servlet 用于生成令牌(token)、把它存入 Session,然后转发到表单页面。
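// Servlet that issues the form token. The enclosing servlet class declaration is not shown in this listing.
    /**
     * Creates a fresh token, stores it in the session under "token" and
     * forwards to /form.jsp, which embeds the same value in a hidden field.
     *
     * @param request  the incoming request; its session receives the token
     * @param response the response passed on to the forwarded JSP
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        TokenProcessor tok = TokenProcessor.newInstance();
        String token = tok.generateToken();
        // The session copy is the server-side reference value; the form carries the client-side copy.
        request.getSession().setAttribute("token", token);
        request.getRequestDispatcher("/form.jsp").forward(request, response);
    }

    /** Handles POST exactly like GET. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

}

/**
 * @author du
 * Singleton that hands out form tokens. The author uses a single instance to
 * reduce how often TokenProcessor is instantiated, with the aim of lowering
 * the chance of two identical strings being returned.
 */
class TokenProcessor { // token: a one-time ticket

    /*
     * Singleton recipe:
     * 1. private constructor
     * 2. the class creates its own single instance
     * 3. a public accessor hands that instance out
     */
    private TokenProcessor() {}

    private static final TokenProcessor instance = new TokenProcessor();

    // Cryptographically strong generator shared by all callers; one instance is enough.
    private final java.security.SecureRandom random = new java.security.SecureRandom();

    /**
     * Returns the single TokenProcessor. Despite the name, no new object is created.
     *
     * @return the shared instance
     */
    public static TokenProcessor newInstance() {
        return instance;
    }

    /**
     * Produces a token that cannot be predicted from earlier tokens or from the clock.
     *
     * <p>A token built from System.currentTimeMillis() plus java.util.Random can be
     * reconstructed by someone who has seen other tokens, and hashing such a value
     * with MD5 does not make it any less guessable. Because a per-session form token
     * of this kind is also what protects a form against forged submissions, the
     * value is drawn from SecureRandom instead.
     *
     * @return 128 random bits, Base64-encoded
     */
    public String generateToken() {
        // 16 bytes = 128 bits of unpredictable data.
        byte[] raw = new byte[16];
        random.nextBytes(raw);

        // Base64 turns the bytes into printable text: every 3 bytes become 4 characters,
        // each character carrying 6 bits.
        // NOTE(review): BASE64Encoder is presumably sun.misc.BASE64Encoder (the import is not
        // shown); that is an internal JDK class, and java.util.Base64 is the supported
        // replacement on Java 8 and later.
        BASE64Encoder base = new BASE64Encoder();
        return base.encode(raw);
    }
}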
jsp页面
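<%-- Submit with POST: a form without a method attribute is sent as GET, which puts the token
     in the URL (browser history, server logs, Referer) and lets a plain link trigger the
     data change. The processing servlet shown on this page has a doPost that delegates to
     doGet, so it accepts POST. --%>
<form action="/day03/servlet/DoFormServlet" method="post">
    <input type="hidden" value="${token }" name="token"/>
    用户名:<input type="text" value="" name="username"/>
    <input type="submit" value="提交"/>
</form>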
处理请求Servlet
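// Servlet that processes the submitted form. The enclosing class declaration is not shown in this listing.
    /**
     * Accepts the form only if it carries the token currently stored in the session.
     * A request without a matching token is treated as a repeated submission and dropped.
     *
     * @param request  the form submission, expected to carry a "token" parameter
     * @param response unused here; nothing is written back to the client
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // checkToken both verifies the token and removes it from the session, so a
        // second request with the same token is rejected.
        boolean accepted = checkToken(request);

        if (!accepted) {
            System.out.println("请不要重复提交!!!");
            return;
        }

        System.out.println("向数据库添加一条记录");
    }

    /**
     * Compares the submitted token with the session copy and, on a match, removes the
     * session copy in the same critical section.
     *
     * <p>Checking first and removing later in the caller leaves a window: two requests
     * carrying the same token (for example a double click) can both pass the comparison
     * before either one clears the attribute, and the record is then written twice.
     * Doing compare-and-remove under one lock closes that window.
     *
     * @param request the form submission
     * @return true if the token matched and has now been consumed, false otherwise
     */
    private boolean checkToken(HttpServletRequest request) {
        String token = request.getParameter("token");
        if (token == null) {
            return false;
        }

        // NOTE(review): locking on the session object works where the container returns the
        // same HttpSession instance for every request of a session; the Servlet API does not
        // promise that, so confirm it for the target container or lock on a dedicated object
        // stored in the session. It does not cover sessions replicated across several nodes.
        synchronized (request.getSession()) {
            String check = (String) request.getSession().getAttribute("token");
            if (check == null || !token.equals(check)) {
                return false;
            }
            request.getSession().removeAttribute("token"); // consume: the token is valid once
            return true;
        }
    }

    /** Handles POST exactly like GET. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        doGet(request, response);
    }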
如果有使用请标明来源:http://www.cnblogs.com/duwenlei/