java 令牌机制
1.Token.Java
- package com.homelink.sales.module.newowner.util;
- import java.util.HashMap;
- import java.util.UUID;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpSession;
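/**
 * 令牌工具类,用来生成令牌及判断令牌是否一致
 *
 * Issues one-time tokens (random UUIDs) into the HTTP session and checks a
 * submitted token against them. Outstanding tokens live in the session
 * attribute {@code _token} as a comma-prefixed list ({@code ",uuid1,uuid2"}),
 * newest first. A successful {@link #check} consumes the matched entry, so a
 * token can be used only once.
 *
 * @author babyyage
 * @version 1.0 新增 2015-10-29
 */
public class Token {

    /** Session attribute that holds the outstanding tokens. */
    private static final String TOKEN_ATTR = "_token";

    /** Separator placed in front of every stored token. */
    private static final String SEPARATOR = ",";

    /**
     * Upper bound on the stored list. Each entry is 37 chars ("," plus a
     * 36-char UUID), so at most five tokens stay outstanding; adding a sixth
     * drops the oldest one.
     */
    private static final int MAX_STORED_LENGTH = 185;

    /** Kept for source compatibility; nothing in this class reads or writes it. */
    public HashMap<String, Object> map = new HashMap<String, Object>();

    /**
     * Generates a fresh random token.
     *
     * @return a random (type 4) UUID rendered as a 36-char string
     */
    public static String getUUID() {
        return UUID.randomUUID().toString();
    }

    /**
     * session中保存令牌,并返回该令牌
     *
     * Creates a new token, prepends it to the list stored in {@code session}
     * (trimming the oldest entry once the list exceeds
     * {@link #MAX_STORED_LENGTH}) and returns it to be embedded in the form.
     *
     * @param session the session that will remember the token; must not be null
     * @return the newly issued token
     */
    public static String add(HttpSession session) {
        Object stored = session.getAttribute(TOKEN_ATTR);
        String tokens = stored == null ? "" : String.valueOf(stored);
        String uuid = getUUID();
        // Newest token goes first; the oldest entries sit at the tail.
        tokens = SEPARATOR + uuid + tokens;
        if (tokens.length() > MAX_STORED_LENGTH) {
            // Drop the last (oldest) entry together with its leading separator.
            tokens = tokens.substring(0, tokens.lastIndexOf(SEPARATOR));
        }
        session.setAttribute(TOKEN_ATTR, tokens);
        return uuid;
    }

    /**
     * 将参数systoken与session中的令牌进行比较,是否一致
     *
     * Checks whether {@code systoken} is exactly one of the outstanding tokens
     * in the request's session and, if so, removes that entry so it cannot be
     * replayed. Entries are compared whole: a substring search would accept
     * any fragment of a stored token (for example a single hyphen), which
     * defeats the purpose of the check.
     *
     * @param request the current request; its session is consulted (and created
     *                if absent, as before)
     * @param systoken the token submitted with the form
     * @return {@code true} when the token matched and was consumed, otherwise
     *         {@code false} (blank token, no session token, or no match)
     */
    public static Boolean check(HttpServletRequest request, String systoken) {
        HttpSession session = request.getSession();
        if (StringUtil.isNulls(new String[] { systoken })) {
            return Boolean.FALSE;
        }
        Object stored = session.getAttribute(TOKEN_ATTR);
        if (stored == null) {
            return Boolean.FALSE;
        }
        String[] entries = String.valueOf(stored).split(SEPARATOR);
        StringBuilder remaining = new StringBuilder();
        boolean matched = false;
        for (String entry : entries) {
            if (entry.isEmpty()) {
                continue; // artefact of the leading separator
            }
            if (!matched && entry.equals(systoken)) {
                matched = true; // consume exactly one entry
                continue;
            }
            remaining.append(SEPARATOR).append(entry);
        }
        if (!matched) {
            return Boolean.FALSE;
        }
        session.setAttribute(TOKEN_ATTR, remaining.toString());
        return Boolean.TRUE;
    }

    /**
     * No-op retained for callers; tokens are removed by {@link #check} instead.
     *
     * @param request unused
     * @deprecated has no effect
     */
    @Deprecated
    public static void remove(HttpServletRequest request) {
    }
}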
StringUtil.isNulls(String[])
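/**
 * 判断一个数组是否为空
 *
 * Reports whether the array holds nothing usable: it is null or empty, or at
 * least one element is null or consists only of whitespace (regex
 * {@code \s*}).
 *
 * @param values 数组 — the strings to inspect; may be null
 * @return {@code true} if the array is null/empty or any element is null/blank
 */
public static boolean isNulls(String[] values) {
    if (values == null || values.length == 0) {
        return true;
    }
    for (String value : values) {
        if (value == null || value.matches("\\s*")) {
            return true;
        }
    }
    return false;
}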
Struts的令牌机制,源码解析(参考:http://blog.sina.cn/dpool/blog/s/blog_59d78c8f0100bkgu.html?vt=4)
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpSession;
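/**
 * Struts-style transaction token handling: one token per session, rendered
 * into the form as a hidden field and consumed on the first valid submit.
 *
 * {@code generateToken}, {@code pageContext}, {@code isXhtml()},
 * {@code Globals.TRANSACTION_TOKEN_KEY} and {@code Constants.TOKEN_KEY} are
 * Struts framework members that this excerpt does not define.
 * NOTE(review): in Struts the render method lives in the form tag rather than
 * in the token processor — confirm against the original source.
 */
public class TokenUtil {

    /**
     * Generates a token and stores it in the session, replacing any earlier one.
     * Nothing is stored if no token could be generated.
     *
     * @param request the current request; a session is created if absent
     */
    public synchronized void saveToken(HttpServletRequest request) {
        HttpSession session = request.getSession();
        String token = generateToken(request);
        if (token != null) {
            session.setAttribute(Globals.TRANSACTION_TOKEN_KEY, token);
        }
    }

    /**
     * Renders the session's token as a hidden input element.
     * The token value is server-generated and is written without HTML escaping.
     *
     * @return the hidden-field markup, or an empty string when there is no
     *         session or no token in it
     */
    protected String renderToken() {
        StringBuilder results = new StringBuilder();
        HttpSession session = pageContext.getSession();
        if (session != null) {
            String token = (String) session.getAttribute(Globals.TRANSACTION_TOKEN_KEY);
            if (token != null) {
                results.append("<input type=\"hidden\" name=\"");
                results.append(Constants.TOKEN_KEY);
                results.append("\" value=\"");
                results.append(token);
                // Close the element according to the document type being rendered.
                results.append(this.isXhtml() ? "\" />" : "\">");
            }
        }
        return results.toString();
    }

    /**
     * Compares the token submitted with the request against the one saved in
     * the session. With {@code reset} set, the saved token is removed before
     * the comparison, so the same token cannot pass a second time.
     *
     * @param request the current request; no session is created
     * @param reset whether to discard the saved token as part of the check
     * @return {@code true} only when a session, a saved token and a submitted
     *         token all exist and the two tokens are equal
     */
    public synchronized boolean isTokenValid(HttpServletRequest request, boolean reset) {
        // Retrieve the current session for this request
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        // Retrieve the transaction token from this session, and
        // reset it if requested
        String saved = (String) session.getAttribute(Globals.TRANSACTION_TOKEN_KEY);
        if (saved == null) {
            return false;
        }
        if (reset) {
            this.resetToken(request);
        }
        // Retrieve the transaction token included in this request
        String token = request.getParameter(Constants.TOKEN_KEY);
        if (token == null) {
            return false;
        }
        return saved.equals(token);
    }

    /**
     * Removes the saved token from the session, if there is one.
     *
     * @param request the current request; no session is created
     */
    public synchronized void resetToken(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(Globals.TRANSACTION_TOKEN_KEY);
    }
}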