用户输入FormServlet链接
FormServlet-〉form.jsp->DoFormServlet
FormServlet:产生token,放在session中
form.jsp:hidden拿到token数据 并一同提交到>DoFormServlet
DoFormServlet:检测是否重复提交表单
//FormServlet
//产生表单
public class FormServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//产生随机数,表单号
TokenProcessor tp = TokenProcessor.getInstance(); String token = tp.generateToken(); request.getSession().setAttribute("token", token); request.getRequestDispatcher("/form.jsp").forward(request,response);
} public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { doGet(request,response);
} } //随机数发生器
class TokenProcessor{
private TokenProcessor(){} private static final TokenProcessor instance = new TokenProcessor(); public static TokenProcessor getInstance(){
return instance;
} public String generateToken(){
String token = System.currentTimeMillis()+new Random().nextInt()+""; try {
MessageDigest md = MessageDigest.getInstance("md5");
byte[] md5 = md.digest(token.getBytes()); BASE64Encoder encode = new BASE64Encoder(); return encode.encode(md5); } catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
throw new RuntimeException();
}
}
}
//form.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My jsp</title> </head> <body>
<form action="/NANA/servlet/DoFormServlet" method="post">
<input type="hidden" name="token" value="${token}">
用户名:<input type="text" name="username"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
DoFormServlet:
public class DoFormServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
boolean b = isTokenValid(request);
if(!b){
System.out.println("submitted");
return;
} request.getSession().removeAttribute("token");
System.out.println("success,insert user"); } private boolean isTokenValid(HttpServletRequest request) {
// TODO Auto-generated method stub
String client_token = request.getParameter("token"); if(client_token==null){
return false;
} String server_token = (String)request.getSession().getAttribute("token"); if(server_token==null){
return false;
} if(!client_token.equalsIgnoreCase(server_token)){
return false;
} return true;
} public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
} }