
JAVAWeb_利用Session防止表单重复提交:10-客户端防表单重复提交和服务器端session防表单重复提交

2013-02-19 22:51 806 查看
利用Session防止表单重复提交:

10-客户端防表单重复提交和服务器端session防表单重复提交

假如没有防止表单重复提交的措施,那么用户刷新页面(或连续点击提交按钮)时,同一份数据就会被再次提交,造成重复注册

<!-- Baseline form with no duplicate-submit protection. There is no method attribute, so the
     browser sends a GET; refreshing the result page or clicking again repeats the request. -->
<form action="DoFormServlet">
用户名:<input type="text" name="username"/>
<input type="submit" value="提交">
</form>


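/**
 * Unprotected handler used to demonstrate the problem: every request that arrives is
 * processed, so repeated clicks or refreshes each print the "insert" message.
 *
 * @param request  the incoming request; only the "username" parameter is read
 * @param response unused in this demo
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String username = request.getParameter("username");
    try {
        // Simulated network latency: refresh the browser or click submit repeatedly during this window.
        Thread.sleep(3000);
    } catch (InterruptedException e) {
        // Restore the interrupt flag instead of swallowing it, so the thread's owner still sees the interruption.
        Thread.currentThread().interrupt();
    }
    System.out.println("向数据库中注入用户。。。。。。。。");
}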


结果:

向数据库中注入用户。。。。。。。。

向数据库中注入用户。。。。。。。。

向数据库中注入用户。。。。。。。。

向数据库中注入用户。。。。。。。。

向数据库中注入用户。。。。。。。。

解决方案一:前台验证阻止(用JavaScript在浏览器端拦截重复点击。注意:这只能改善用户体验,禁用脚本、刷新页面或不经过表单直接发送请求时都不会生效,因此不能代替后台校验)

<script>

/**
 * onsubmit hook: greys out the submit button so it cannot be clicked a second time,
 * then lets the submission proceed.
 * Runs only in the browser, so it is a usability aid and not a server-side guarantee.
 *
 * @returns {boolean} always true (the form is submitted)
 */
function dosubmit(){
    document.getElementById("submit").disabled = 'disabled';
    return true;
}
</script>
<!-- onsubmit calls dosubmit() before the request is sent; returning false would cancel it.
     The hook exists only in the page, so the servlet must not depend on it having run. -->
<form action="DoFormServlet" onsubmit="return dosubmit();">
用户名:<input type="text" name="username"/>
<input type="submit" id="submit" value="提交" >
</form>


<script>
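// Guard flag: becomes true once the first submission has been let through.
// It lives in page state, so a reload resets it.
var iscommitted = false;

/**
 * onsubmit hook: allows the first submission and cancels every later one
 * made from the same page load.
 *
 * @returns {boolean} true for the first call, false afterwards
 */
function dosubmit(){
    if (iscommitted) {
        return false;
    }
    iscommitted = true;
    return true;
}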
</script>
<!-- Same form as before; here dosubmit() returns false on the second and later clicks,
     which cancels the submit in the browser. The request itself is still unprotected. -->
<form action="DoFormServlet" onsubmit="return dosubmit();">
用户名:<input type="text" name="username"/>
<input type="submit" id="submit" value="提交" >
</form>


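解决方案二:在后台验证:通过token【模仿struts的token标签】。服务器在显示表单时生成一个随机token,保存到session中并写入表单的隐藏域;提交时比较表单带回的token和session中的token,一致才处理请求,并随即把session中的token删除,这样同一个表单的第二次提交就会被拒绝。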

FormServlet.java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;

/**
* Servlet implementation class FormServlet
*/
@WebServlet("/FormServlet")
public class FormServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Default constructor; only delegates to {@link HttpServlet}. */
    public FormServlet() {
        super();
    }

    /**
     * Issues a form token, stores it in the session under the key "token", and forwards
     * to /form.jsp, which writes the same value into a hidden field.
     *
     * <p>The session keeps a single "token" attribute, so each call overwrites the value
     * issued by the previous one.
     *
     * @param request  the current request; its session receives the token
     * @param response passed through to the forwarded page
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Form number: one generated value per rendering of the form.
        final String formToken = TokenProcessor.getInstance().generateToken();
        request.getSession().setAttribute("token", formToken);
        request.getRequestDispatcher("/form.jsp").forward(request, response);
    }

    /**
     * Handles POST exactly like GET.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

}
class TokenProcessor{
/*
* 1,把构造方法私有
* 2,自己创建一个
* 3,对外暴露一个方法,允许获取上面创建的对象
*
* */
private TokenProcessor() {
}

private static final TokenProcessor instance = new TokenProcessor();
public static TokenProcessor getInstance(){
return instance;
}
public String generateToken(){
String token = System.currentTimeMillis() + new Random().nextInt() + "";
MessageDigest md;
try {
md = MessageDigest.getInstance("md5");
byte[] md5 = md.digest(token.getBytes());
//base64编码
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}

}

DoFormServlet.java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
* Servlet implementation class DoFormServlet
*/
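@WebServlet("/DoFormServlet")
public class DoFormServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Guards the compare-and-remove of the session token. Two requests carrying the same
     * token (for example a rapid double click) can be handled on different threads; without
     * the lock both could pass the comparison before either removes the token.
     * NOTE(review): this is a per-JVM lock; a deployment that shares sessions across nodes
     * needs an atomic check in the shared store instead — confirm against the target setup.
     */
    private static final Object TOKEN_LOCK = new Object();

    /** Default constructor; only delegates to {@link HttpServlet}. */
    public DoFormServlet() {
        super();
    }

    /**
     * Processes a form submission once per issued token. A request whose token is missing
     * or does not match the session copy is reported as a duplicate and dropped.
     *
     * <p>doPost delegates here, so both GET and POST reach this logic. form.jsp submits
     * with POST, which keeps the token out of the URL.
     * NOTE(review): consider rejecting GET for this state-changing action.
     *
     * @param request  carries the "username" and "token" parameters
     * @param response left untouched; results are only printed to stdout in this demo
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Placeholder for the value that a real implementation would persist.
        String username = request.getParameter("username");

        if (!consumeTokenIfValid(request)) {
            System.out.println("请不要重复提交");
            return;
        }
        System.out.println("向数据库中注入用户。。。。。。。。");
    }

    /**
     * Checks the submitted token against the session copy and, on a match, removes the
     * session copy in the same critical section so the token can be used only once.
     *
     * @param request the current request
     * @return true if the token matched and has now been consumed; false if the request
     *         has no token, the session has none, or the two differ (a repeated submit)
     */
    private boolean consumeTokenIfValid(HttpServletRequest request) {
        String clientToken = request.getParameter("token");
        if (clientToken == null) {
            return false;
        }
        synchronized (TOKEN_LOCK) {
            Object serverToken = request.getSession().getAttribute("token");
            // equals() on the non-null client value also covers a missing session token.
            if (!clientToken.equals(serverToken)) {
                return false;
            }
            request.getSession().removeAttribute("token");
            return true;
        }
    }

    /**
     * Handles POST exactly like GET.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

}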

form.jsp

<%-- ${token } resolves to the "token" attribute that FormServlet stored in the session.
     It is posted back in a hidden field so DoFormServlet can compare it with the session
     copy; method="post" keeps the value out of the URL. --%>
<form action="DoFormServlet" method="post">
用户名:<input type="text" name="username"/>
<input type="hidden" name="token" value="${token }"/>
<input type="submit" id="submit" value="提交" >
</form>

