• Session ------> preventing duplicate form submission


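    Method 1: control form submission with JS ---> client-side code is easy to tamper with, but it should still be added

    Method 2: session

    First give every form a unique token, then store that token in the session

    The submission succeeds only when the token in the session and the token on the form are both non-null and equal; otherwise it fails

    Demo below

    Goal: visit FormServlet -----> it adds the token and forwards to form.jsp -----> the form submits to DoFormServlet.java, which checks whether the tokens are equal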

    FormServlet.java

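    import java.io.IOException;
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.util.Base64;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    /**
     * Generates the form
     */
    @WebServlet("/FormServlet")
    public class FormServlet extends HttpServlet {
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

            // Generate the random token
            String token = TokenProcessor.getInstance().generateToken();

            // Store the token in the session
            request.getSession().setAttribute("token", token);

            // Forward to form.jsp
            request.getRequestDispatcher("/form.jsp").forward(request, response);

        }

        /**
         * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
         */
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            doGet(request, response);
        }

    }
    class TokenProcessor { // token generator
        /**
         * 1. The constructor is private
         * 2. The class constructs its own single instance
         * 3. A public method exposes that instance
         */
        private TokenProcessor() {}
        private static final TokenProcessor instance = new TokenProcessor();
        // SecureRandom instead of java.util.Random, so the token cannot be predicted
        private static final SecureRandom random = new SecureRandom();
        public static TokenProcessor getInstance() {
            return instance;
        }
        public String generateToken() {
            String token = System.currentTimeMillis() + random.nextInt() + ""; // the raw value produced here varies in length
            try {
                MessageDigest md = MessageDigest.getInstance("md5"); // MD5 gives a data fingerprint that always has the same size
                byte[] md5 = md.digest(token.getBytes(StandardCharsets.UTF_8));
                // Base64 ---> maps the bytes to printable characters with values in the range 0--63
                // (every three binary bytes become four characters)
                return Base64.getEncoder().encodeToString(md5);
            } catch (NoSuchAlgorithmException e) {
                // Fail loudly rather than storing a null token in the session
                throw new IllegalStateException("MD5 not available", e);
            }
        }
    }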
    

     form.jsp

    <%@ page language="java" contentType="text/html; charset=UTF-8"
        pageEncoding="UTF-8"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
    </head>
    <body>
    <!-- Labels: 用户名 = "Username", 提交 = "Submit" -->
    <form action="/day06/DoFormServlet" method="post">
    <input type="hidden" name="token" value="${token}">
    用户名:<input type="text" name="username"  />
    <input type="submit" value="提交">
    </form>
    </body>
    </html>
    

     DoFormServlet.java

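    import java.io.IOException;
    import java.io.PrintWriter;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    /**
     * Checks the token
     */
    @WebServlet("/DoFormServlet")
    public class DoFormServlet extends HttpServlet {
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();
            boolean b = isTokenvalid(request); // check whether this is a duplicate submission
            if (!b) {
                out.write("请不要重复提交表单"); // "Please do not submit the form again"
                return;
            }
            request.getSession(false).removeAttribute("token"); // submission accepted, so the session token is invalidated
            out.write("处理表单"); // "Processing the form"

        }

        /**
         * @param request the form submission
         * @return true only if the form token and the session token both exist and are equal
         */
        private boolean isTokenvalid(HttpServletRequest request) {
            String client_token = request.getParameter("token"); // the token on the form must not be null
            if (client_token == null) {
                return false;
            }
            HttpSession session = request.getSession(false);
            if (session == null) { // no session at all, so no token was ever issued
                return false;
            }
            String token = (String) session.getAttribute("token");
            if (token == null) { // the token stored in the session must not be null
                return false;
            }
            if (!token.equals(client_token)) { // the session token must match the form token (the form was not tampered with)
                return false;
            }
            return true;
        }

        /**
         * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
         */
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            doGet(request, response);
        }
    }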
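
Added example (not from the original post): a token is single-use only if looking it up and removing it happen as one atomic step, otherwise two near-simultaneous submissions (a double-click) can both pass the check. Here a `ConcurrentHashMap` stands in for the session attributes (an assumption, so the code runs without a servlet container), `OneTimeTokenDemo`, `issueToken` and `consumeToken` are hypothetical names, and `main` fires eight simultaneous submissions of one token, only one of which can be accepted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class OneTimeTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for one user's HttpSession attributes (assumption, so the demo runs offline).
    static final ConcurrentMap<String, String> session = new ConcurrentHashMap<>();

    // Issue: 128 random bits, Base64-encoded, stored under "token" as in the demo above.
    static String issueToken() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put("token", token);
        return token;
    }

    // Consume: remove() hands the stored token to exactly one caller, so racing
    // duplicates see null. A mismatching submission also burns the token.
    static boolean consumeToken(String clientToken) {
        if (clientToken == null) return false;
        String stored = session.remove("token");
        if (stored == null) return false;
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                clientToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String token = issueToken();
        AtomicInteger accepted = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        CountDownLatch start = new CountDownLatch(1);
        for (int i = 0; i < 8; i++) {          // eight simulated duplicate submissions
            pool.submit(() -> {
                start.await();                  // release all threads together
                if (consumeToken(token)) accepted.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted submissions: " + accepted.get());
    }
}
```

In a servlet, `HttpSession` has no remove-and-return call, so the `getAttribute`/`removeAttribute` pair needs to run inside a `synchronized` block on a per-session lock object to get the same guarantee.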
    
  • Original article: https://www.cnblogs.com/SnowingYXY/p/6689551.html