JAVAWeb_利用Session防止表单重复提交:10-客户端防表单重复提交和服务器端session防表单重复提交

利用Session防止表单重复提交:
10-客户端防表单重复提交和服务器端session防表单重复提交
假如没有防止表单重复提交,那么刷新页面时,已提交的数据会被再次提交,造成重复注册
  • 用户名:


  • 						protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    							// Baseline handler with no duplicate-submission check: every request that arrives reaches the final statement.
    							String username = request.getParameter("username");
    							try {// simulate network latency; refreshing the browser or clicking submit again during this window sends further requests
    								Thread.sleep(3000);
    							} catch (InterruptedException e) {
    								// NOTE(review): the interrupt is only printed; the thread's interrupt flag is not restored
    								e.printStackTrace();
    							}
    							// stands in for the database insert; printed once per request received
    							System.out.println("向数据库中注入用户。。。。。。。。");
    						}
    					
  • 结果:
    向数据库中注入用户。。。。。。。。
    向数据库中注入用户。。。。。。。。
    向数据库中注入用户。。。。。。。。
    向数据库中注入用户。。。。。。。。
    向数据库中注入用户。。。。。。。。

解决方案一:前台验证阻止

 
   

用户名:

 
   

用户名:

前台的限制只在页面脚本正常执行时有效,刷新、后退或绕过页面直接发送请求都不受它约束,因此还要在后台验证:通过token【模仿struts的token标签】

FormServlet.java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;

/**
 * Renders the registration form.
 *
 * Each request gets a newly generated form token, which is stored in the HTTP
 * session under the key "token" before the request is forwarded to /form.jsp.
 * The JSP is not shown here; presumably it echoes the token back in a hidden
 * field so the submit handler can compare it (confirm against form.jsp).
 */
@WebServlet("/FormServlet")
public class FormServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/** Default constructor; this servlet keeps no state of its own. */
	public FormServlet() {
		super();
	}

	/**
	 * Issues a fresh form token and forwards to the form page.
	 *
	 * @param request  incoming request; its session receives the token
	 * @param response response handed on to /form.jsp
	 * @throws ServletException propagated from the forward
	 * @throws IOException      propagated from the forward
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// The "form number": one random value per rendered form.
		final String formToken = TokenProcessor.getInstance().generateToken();

		// getSession() creates the session when none exists. There is a single
		// "token" slot per session, so rendering the form again (for example in
		// a second tab) replaces the token of the form rendered earlier.
		request.getSession().setAttribute("token", formToken);

		request.getRequestDispatcher("/form.jsp").forward(request, response);
	}

	/**
	 * Treats POST exactly like GET.
	 *
	 * @see #doGet(HttpServletRequest, HttpServletResponse)
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}
}
class TokenProcessor{
	/*
	 * 1,把构造方法私有
	 * 2,自己创建一个
	 * 3,对外暴露一个方法,允许获取上面创建的对象
	 * 
	 * */
	private TokenProcessor() {
	}
	
	private static final TokenProcessor instance = new TokenProcessor();
	public static TokenProcessor getInstance(){
		return instance;
	}
	public String generateToken(){
		String token = System.currentTimeMillis() + new Random().nextInt() + "";
		MessageDigest md;
		try {
			md = MessageDigest.getInstance("md5");
			byte[] md5 = md.digest(token.getBytes());
			//base64编码
			BASE64Encoder encoder = new BASE64Encoder();
			return encoder.encode(md5);
		} catch (NoSuchAlgorithmException e) {
			throw new RuntimeException(e);
		}
	}
	
	
}

		
DoFormServlet.java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

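/**
 * Handles the submitted form and rejects repeated submissions.
 *
 * A submission is accepted only when its "token" parameter equals the token
 * stored in the session; the stored token is removed on acceptance, so a
 * replay of the same form finds nothing to match.
 */
@WebServlet("/DoFormServlet")
public class DoFormServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/**
	 * Makes "compare token, then remove it" a single atomic step. Without it,
	 * two requests sent in quick succession can both pass the comparison
	 * before either removes the token, and both are processed. The lock is
	 * JVM-local; a deployment that shares sessions across nodes needs an
	 * atomic operation in the shared store instead.
	 */
	private static final Object TOKEN_LOCK = new Object();

	/** Default constructor; this servlet keeps no per-request state. */
	public DoFormServlet() {
		super();
	}

	/**
	 * Processes one submission if, and only if, it carries the current token.
	 *
	 * @param request  submission carrying "username" and "token" parameters
	 * @param response unused; the outcome is only printed to standard output
	 * @throws ServletException declared by the servlet API
	 * @throws IOException      declared by the servlet API
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// Value the simulated insert below would store; not used further here.
		String username = request.getParameter("username");

		if (!consumeToken(request)) {
			System.out.println("请不要重复提交");
			return;
		}
		System.out.println("向数据库中注入用户。。。。。。。。");
	}

	/**
	 * Validates the submitted token and, when it matches, removes the stored
	 * one so that it cannot be accepted a second time.
	 *
	 * @return true when this request is the first to present the current token
	 */
	private boolean consumeToken(HttpServletRequest request) {
		synchronized (TOKEN_LOCK) {
			if (!isTokenValid(request)) {
				return false;
			}
			request.getSession().removeAttribute("token");
			return true;
		}
	}

	/**
	 * Compares the submitted token with the one held in the session.
	 *
	 * @return false when either token is missing or the two differ
	 */
	private boolean isTokenValid(HttpServletRequest request) {
		String client_token = request.getParameter("token");
		if (client_token == null) {
			return false;
		}
		// getSession(false): a request that arrives without a session cannot
		// hold a token, so no new session is allocated for it.
		if (request.getSession(false) == null) {
			return false;
		}
		String server_token = (String) request.getSession().getAttribute("token");
		if (server_token == null) {
			return false;
		}
		// A mismatch means the token was already used or never issued.
		return client_token.equals(server_token);
	}

	/**
	 * Treats POST exactly like GET.
	 *
	 * NOTE(review): because GET is accepted too, a form submitted with GET
	 * puts the token in the URL, where access logs and Referer headers can
	 * record it. form.jsp's method is not shown here; confirm it is POST.
	 *
	 * @see #doGet(HttpServletRequest, HttpServletResponse)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}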

		
form.jsp
		
用户名:
