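The user requests the FormServlet URL.

FormServlet -> form.jsp -> DoFormServlet

FormServlet: generates a token and stores it in the session

form.jsp: a hidden field holds the token, which is submitted together with the form to DoFormServlet

DoFormServlet: checks whether the form has been submitted more than once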

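//FormServlet

// Generates the form
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FormServlet extends HttpServlet {
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Generate a random form number (token), keep it in the session, render the form
        TokenProcessor tp = TokenProcessor.getInstance();
        String token = tp.generateToken();
        request.getSession().setAttribute("token", token);
        request.getRequestDispatcher("/form.jsp").forward(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}

// Random token generator (singleton)
class TokenProcessor {
    private TokenProcessor() {}

    private static final TokenProcessor instance = new TokenProcessor();

    public static TokenProcessor getInstance() {
        return instance;
    }

    public String generateToken() {
        // Timestamp + java.util.Random, hashed: tells form instances apart but is guessable
        String token = System.currentTimeMillis() + new Random().nextInt() + "";
        try {
            MessageDigest md = MessageDigest.getInstance("md5");
            byte[] md5 = md.digest(token.getBytes());
            // java.util.Base64 replaces sun.misc.BASE64Encoder, which current JDKs no longer ship
            return Base64.getEncoder().encodeToString(md5);
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause instead of throwing an empty exception
            throw new RuntimeException(e);
        }
    }
}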

//form.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My jsp</title>
</head>
<body>
<form action="/NANA/servlet/DoFormServlet" method="post">
<input type="hidden" name="token" value="${token}">
用户名:<input type="text" name="username"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>

DoFormServlet:

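import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class DoFormServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        boolean b = isTokenValid(request);
        if (!b) {
            // Missing or mismatched token: treat the request as a repeated submission
            System.out.println("submitted");
            return;
        }
        // First submission: drop the token so that a resubmit fails the check
        request.getSession().removeAttribute("token");
        System.out.println("success,insert user");
    }

    private boolean isTokenValid(HttpServletRequest request) {
        // Token sent by the browser in the hidden field
        String client_token = request.getParameter("token");
        if (client_token == null) {
            return false;
        }
        // Token stored in the session by FormServlet
        String server_token = (String) request.getSession().getAttribute("token");
        if (server_token == null) {
            return false;
        }
        // Base64 is case-sensitive, so compare exactly
        if (!client_token.equals(server_token)) {
            return false;
        }
        return true;
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}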
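
Added example (not code from the original post): the check in DoFormServlet reads the session token and removes it in separate steps, so two copies of the same POST that arrive together can both pass. The hypothetical helper FormTokens below does the read, compare and remove under one lock and draws the token from SecureRandom; it assumes the javax.servlet API and that the container hands every request of a session the same HttpSession object.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpSession;

// Added example, not the original post's code. FormTokens is a hypothetical helper.
public final class FormTokens {
    private static final String ATTR = "token"; // same session key the page uses
    private static final SecureRandom RNG = new SecureRandom();

    private FormTokens() {}

    // For the servlet that renders the form: store a fresh token and return it.
    public static String issue(HttpSession session) {
        byte[] raw = new byte[16]; // 128 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Assumption: the container returns the same HttpSession object to every
        // request of a session, so it can serve as the lock.
        synchronized (session) {
            session.setAttribute(ATTR, token);
        }
        return token;
    }

    // For the servlet that processes the form: true at most once per issued token.
    public static boolean consume(HttpSession session, String clientToken) {
        if (session == null || clientToken == null) {
            return false; // no session or no hidden field
        }
        synchronized (session) {
            Object stored = session.getAttribute(ATTR);
            if (!(stored instanceof String)) {
                return false; // never issued, or already consumed
            }
            // Exact, constant-time comparison of the two token strings
            boolean match = MessageDigest.isEqual(
                    ((String) stored).getBytes(StandardCharsets.UTF_8),
                    clientToken.getBytes(StandardCharsets.UTF_8));
            if (match) {
                session.removeAttribute(ATTR); // single use: a resubmit now fails
            }
            return match;
        }
    }
}
```

FormServlet would call FormTokens.issue(request.getSession()) before forwarding to form.jsp, and DoFormServlet would call FormTokens.consume(request.getSession(false), request.getParameter("token")) in place of isTokenValid plus removeAttribute.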
