java web笔记——服务器端防刷新页面重复提交表单
2016-04-27 00:20
用简单的办法防止恶意提交表单和刷新页面造成的重复提交;在浏览器没有禁用Cookie的情况下,还可以防止重启浏览器后重复提交。
用Session设置令牌属性,提交后删除Session中的令牌。
Session记录上次提交的时间,短时间内无法重复提交。
表单Servlet :
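package CookieSession;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Renders the input form and issues the one-time submission token.
 *
 * <p>Each time the form is rendered a fresh token is stored in the session under the
 * attribute {@code "token"} and echoed into a hidden form field of the same name. The
 * servlet that handles the submission compares the two values.
 */
public class FormServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Writes the HTML form, replacing any token previously stored in the session.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();

        String token = TokenProcessor.getInstance().generateToken();
        request.getSession().setAttribute("token", token);

        // NOTE(review): encodeURL() may append the session id to the URL when the client
        // does not return cookies, which exposes it in logs and Referer headers; confirm
        // that URL rewriting is really wanted for this deployment.
        String URL = response.encodeURL("/practice/FormSubmitServlet");

        // The token uses the URL-safe Base64 alphabet (A-Z, a-z, 0-9, '-', '_'), so it can
        // be placed inside the quoted attribute without HTML escaping.
        out.print("<form action='" + URL + "' method='post'>");
        out.print("<input type='hidden' name='token' value='" + token + "'>");
        out.print("<input type='text' name='username'>");
        out.print("<input type='submit' value='提交'>");
        out.print("</form>");
    }

    /**
     * Handles POST exactly like GET: the form is rendered again with a new token.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}

/**
 * Singleton that produces the opaque one-time tokens used by {@link FormServlet}.
 */
class TokenProcessor {
    /** Number of random bytes per token (256 bits). */
    private static final int TOKEN_BYTES = 32;

    /** Shared cryptographically strong generator; SecureRandom is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    // Private constructor: the class creates its single instance itself and hands it out
    // through getInstance().
    private TokenProcessor() {}

    public static final TokenProcessor instance = new TokenProcessor();

    /** Returns the single shared instance. */
    public static TokenProcessor getInstance() {
        return instance;
    }

    /**
     * Generates a new unpredictable token.
     *
     * <p>The earlier implementation hashed {@code System.currentTimeMillis()} plus a
     * {@code java.util.Random} value with MD5. Both inputs are guessable, and hashing does
     * not add entropy, so the token could be predicted. It also depended on
     * {@code sun.misc.BASE64Encoder}, an internal class that is no longer available on
     * current JDKs. Random bytes from {@link SecureRandom} encoded with
     * {@link java.util.Base64} avoid both problems.
     *
     * @return a URL-safe Base64 string without padding
     */
    public String generateToken() {
        byte[] raw = new byte[TOKEN_BYTES];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }
}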
数据处理Servlet :
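package CookieSession;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Processes the submitted form and rejects repeated submissions.
 *
 * <p>Two checks are applied: the one-time token from the hidden field must match the
 * token stored in the session, and at least ten minutes must have passed since the last
 * accepted submission recorded in the session attribute {@code "lastSubmit"}.
 */
public class FormSubmitServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Minimum time between two accepted submissions of the same session: 10 minutes. */
    private static final long MIN_SUBMIT_INTERVAL_MS = 10 * 60 * 1000L;

    /**
     * Rejects GET. The submission changes server state and carries the token, so it is
     * accepted through POST only; a token in a query string would end up in browser
     * history, access logs and Referer headers.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    /**
     * Validates the token and the submission interval, then stores the data.
     *
     * <p>The token is checked and consumed inside one critical section, before the slow
     * save begins. Removing it only after the save left a window in which a second,
     * concurrent request (for example a double click) still passed the token check.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): a request without a session cannot hold a valid token, and
        // creating one here would let arbitrary requests allocate server-side sessions.
        HttpSession session = request.getSession(false);
        if (session == null) {
            System.out.println("表单重复提交");
            return;
        }

        String time = Long.toString(System.currentTimeMillis());

        // NOTE(review): this assumes the container hands out the same HttpSession object
        // to concurrent requests of one session, which the Servlet spec does not promise;
        // confirm for the target container or lock on a dedicated mutex attribute.
        synchronized (session) {
            if (!isToken(request)) {
                System.out.println("表单重复提交");
                return;
            }

            // Persistent copy of the session cookie so the session survives a browser
            // restart for ten minutes. HttpOnly keeps the id away from page scripts;
            // Secure is set whenever the request itself arrived over HTTPS.
            Cookie cookie = new Cookie("JSESSIONID", session.getId());
            cookie.setPath("/practice");
            cookie.setMaxAge(10 * 60);
            cookie.setHttpOnly(true);
            cookie.setSecure(request.isSecure());
            response.addCookie(cookie);

            // Guard against a page refresh re-sending the same submission.
            String lastSubmit = (String) session.getAttribute("lastSubmit");
            if (lastSubmit != null) {
                long cut = Long.parseLong(time) - Long.parseLong(lastSubmit);
                if (cut < MIN_SUBMIT_INTERVAL_MS) { // less than 10 minutes since the last one
                    System.out.println("不得重复提交");
                    return;
                }
            }

            // Consume the token and record the time now, while still holding the lock.
            session.removeAttribute("token");
            session.setAttribute("lastSubmit", time);
        }

        String username = request.getParameter("username");
        try {
            Thread.sleep(2000); // stands in for a slow save operation
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the container can see the interruption.
            Thread.currentThread().interrupt();
        }

        // Strip line breaks so a submitted name cannot forge extra log lines.
        String loggedName = String.valueOf(username).replaceAll("[\\r\\n]", "_");
        System.out.println(loggedName + "数据已保存");
    }

    /**
     * Checks whether the request carries the token currently stored in its session.
     *
     * <p>Prints "1" when the request has no token parameter, "2" when there is no session
     * or no stored token, and "3" when the two values differ.
     *
     * @param request the incoming request
     * @return {@code true} only if both tokens are present and equal
     */
    public static boolean isToken(HttpServletRequest request) {
        String client_token = request.getParameter("token");
        if (client_token == null) {
            System.out.println("1");
            return false;
        }

        // Do not create a session just to discover that it holds no token.
        HttpSession session = request.getSession(false);
        String server_token = session == null ? null : (String) session.getAttribute("token");
        if (server_token == null) {
            System.out.println("2");
            return false;
        }

        // MessageDigest.isEqual compares in constant time, so the response time does not
        // reveal how many leading characters of a guessed token were correct.
        boolean same = MessageDigest.isEqual(
                server_token.getBytes(StandardCharsets.UTF_8),
                client_token.getBytes(StandardCharsets.UTF_8));
        if (!same) {
            System.out.println("3");
            return false;
        }
        return true;
    }
}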