JavaWeb实现防表单重复提交
1.表单由Servlet生成一个token,用户提交表单时候,会提交token,服务端根据token判断,如果在session中有token和表单提交的相同,则让用户正确提交,并且删除session中的token,
如果用户提交的token错误或者token为null则拒绝提交
a. 生成token类 generateProcessor.java
package com.luowen.formRepeat; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Random; import sun.misc.BASE64Encoder; public class TokenProcessor { private static final TokenProcessor gp = new TokenProcessor(); private TokenProcessor(){}; //单例模式 public static TokenProcessor getInstance(){ return gp; } public String generateToken(){ String token = System.currentTimeMillis() + " " + new Random().nextInt(); try { //拿到数据指纹 MessageDigest md = MessageDigest.getInstance("MD5"); byte[] byt = md.digest(token.getBytes()); //用Base64编码确保token是可认识的字符 BASE64Encoder be = new BASE64Encoder(); return be.encode(byt); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(); } } }
b.给表单分配一个token FormSerlve.java
package com.luowen.formRepeat; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * Servlet implementation class FormRepeat */ @WebServlet("/FormServlet") public class FormServlet extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public FormServlet() { super(); // TODO Auto-generated constructor stub } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); TokenProcessor gp = TokenProcessor.getInstance(); String token = gp.generateToken(); HttpSession session = request.getSession(); session.setAttribute("token", token); request.getRequestDispatcher("/formRepeat.jsp").forward(request, response); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub doGet(request, response); } }
c.表单jsp页面 formRepeat.jsp
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>form repeat submit</title> </head> <body> <h1>Form submit</h1> <hr/> <form action="/webDemo/JudgeSubmit" method="post" onsubmit="return doSubmit()"> Username:<input type="text" name="username" /><br/> <input type="submit" value="submit" id="sub" /> <input type="hidden" name="token" value="${token}" /> </form> <script> function doSubmit(){ var sub = document.getElementById("sub"); sub.disabled = 'disabled'; return true; } </script> </body> </html>
d.判断用户提交的JudgeSevlet.java
package com.luowen.formRepeat; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Servlet implementation class JudgeSubmit */ @WebServlet("/JudgeSubmit") public class JudgeSubmit extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public JudgeSubmit() { super(); // TODO Auto-generated constructor stub } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub request.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); boolean flag = isRepeat(request); try { Thread.sleep(5000); } catch (InterruptedException e) { e.printStackTrace(); } if(!flag){ response.getWriter().print("表单请勿重复提交"); return; } response.getWriter().print("提交成功弄!"); return; } private boolean isRepeat(HttpServletRequest request) { String clientToken = request.getParameter("token"); String serverToken = (String) request.getSession().getAttribute("token"); //判断客服端是否来了token if(clientToken == null)return false; //判断服务端是否含有token if(serverToken == null)return false; //判断客户端token和服务端是否相等 if(!clientToken.equals(serverToken))return false; //删除服务端token request.getSession().removeAttribute("token"); return true; } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub doGet(request, response); } }
e.jsp通过javascript限制了重复提交,serlvet通过token限制了重复提交.