java web笔记——服务器端防刷新页面重复提交表单
2016-04-27 00:20
417 查看
简易的防止恶意提交表单,刷新页面重复提交,在没有禁止Cookie的情况下防止重启浏览器重复提交。
用Session设置令牌属性,提交后删除Session中的令牌。
Session记录上次提交的时间,短时间内无法重复提交。
表单Servlet :
数据处理Servlet :
用Session设置令牌属性,提交后删除Session中的令牌。
Session记录上次提交的时间,短时间内无法重复提交。
表单Servlet :
package CookieSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
/**
* Servlet implementation class FormServlet
*/
public class FormServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.setContentType("text/html;charset=UTF-8");
response.setCharacterEncoding("UTF-8");
PrintWriter out = response.getWriter();
String token = TokenProcessor.getInstance().generateToken();
request.getSession().setAttribute("token", token);
String URL = response.encodeURL("/practice/FormSubmitServlet");
out.print("<form action='"+URL+"' method='post'>");
out.print("<input type='hidden' name='token' value='"+token+"'>");
out.print("<input type='text' name='username'>");
out.print("<input type='submit' value='提交'>");
out.print("</form>");
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
class TokenProcessor {
//构造方法私有,自己产生一个类的对象,定义一个方法返回产生的对象
private TokenProcessor() {};
public static final TokenProcessor instance = new TokenProcessor();
public static TokenProcessor getInstance() {
return instance;
}
public String generateToken() {
String token = System.currentTimeMillis() + "" + new Random().nextInt(99999999);//随机一个令牌
try {
MessageDigest md = MessageDigest.getInstance("md5");
byte[] md5 = md.digest(token.getBytes()); //转换成数据指纹
return new BASE64Encoder().encode(md5);//base64编码后输出
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
throw new RuntimeException(e);
}
}数据处理Servlet :
package CookieSession;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class FormSubmitServlet
*/
public class FormSubmitServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
boolean b = isToken(request);
if(!b) {
System.out.println("表单重复提交");
return;
}
HttpSession session = request.getSession();
Cookie cookie = new Cookie("JSESSIONID", session.getId());
cookie.setPath("/practice");
cookie.setMaxAge(10*60);
response.addCookie(cookie);
String time = Long.toString(System.currentTimeMillis());
if(session.getAttribute("lastSubmit") != null) {//防止刷新页面重复提交
String lastSubmit = (String)session.getAttribute("lastSubmit");
long cut = Long.parseLong(time) - Long.parseLong(lastSubmit);
if(cut < 10*60*1000) {//两次提交时间小于10分钟
//System.out.println(time+","+lastSubmit);
System.out.println("不得重复提交");
return;
}
}
String username = request.getParameter("username");
try {
Thread.sleep(2000);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println(username + "数据已保存");
session.removeAttribute("token");
session.setAttribute("lastSubmit", time);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
public static boolean isToken(HttpServletRequest request) {
String client_token = request.getParameter("token");
if(client_token == null) {
System.out.println("1");
return false;
}
String server_token = (String)request.getSession().getAttribute("token");
if(server_token == null) {
System.out.println("2");
return false;
}
if(!server_token.equals(client_token)) {
System.out.println("3");
return false;
}
return true;
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 【转】Java线程安全和非线程安全
- Java单例模式
- Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted sign...
- Spring事务配置的五种方式
- org.springframework.web.SpringServletContainerInitializer cannot be cast to javax.servlet.Servle...
- 通过三目运算符来看JAVA的自动拆箱和装箱
- Spring Boot 入门
- Java在WEB项目中获取文件路径
- java 日期格式 毫秒
- Java Date Compare 日期比较
- JAVA单例模式
- java通过JDBC_获取数据库连接
- 解决Eclipse 启动后总是Building WorkSpace(sleeping)
- SpringMvc与Struts2的对比,孰优孰劣
- 重新学javaweb---JSP乱码 图解
- Dubbo学习之旅一-初识Dubbo
- Eclipse删除多余的工作空间
- Base64 编解码
- java项目案例 java项目源码 java后台框架源码 企业级 SpringMVC mybatis
- 《Java编程思想》第四版读书笔记 第二章