自学Servlet_10_session(关于表单)

防止表单重复提交:

首先,在前台用js禁止(只能改善用户体验:禁用或绕过js后仍可重复提交,不能代替服务器端校验)。

其次:用session禁止(重点)。

许多框架的工作原理:

 

/**
 * Renders the form page.
 *
 * <p>Each rendering asks {@code TokenProcessor} for a new token, stores it in the
 * session under the key {@code "token"} and echoes the same value in a hidden form
 * field, so the receiving servlet can compare the two.
 */
public class FormServlet extends HttpServlet {

	/**
	 * Writes the HTML form, including the hidden token field, to the response.
	 *
	 * @param request  the current request; its session receives the new token
	 * @param response the response the form markup is written to
	 * @throws ServletException declared by the servlet contract
	 * @throws IOException      if the response writer cannot be obtained or written
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html;charset=UTF-8");
		response.setCharacterEncoding("UTF-8");
		PrintWriter writer = response.getWriter();

		// One value, two places: the session copy is the reference, the hidden
		// field is what the browser sends back on submit.
		String formToken = TokenProcessor.getInstance().generateToken();
		request.getSession().setAttribute("token", formToken);

		StringBuilder html = new StringBuilder();
		html.append("<form action='/day07/servlet/FormSubmitServlet' method='post'>");
		html.append("<input type='hidden' name='token' value='").append(formToken).append("'>");
		html.append("<input type='text' name='username'>");
		html.append("<input type='submit' value='提交'>");
		html.append("</form>");
		writer.print(html.toString());
	}

	/**
	 * Handles POST exactly like GET: the form is rendered again with a new token.
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}
}

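/**
 * Singleton that issues the per-form tokens stored in the session and in the
 * hidden form field.
 *
 * <p>The token is 128 bits from {@link java.security.SecureRandom}. The earlier
 * recipe (MD5 over the current time plus {@code java.util.Random}) produced values
 * an outsider could narrow down from the clock, which matters as soon as the token
 * also serves as an anti-forgery value. It also relied on
 * {@code sun.misc.BASE64Encoder}, an internal class that is absent from JDK 9 and
 * later.
 */
class TokenProcessor {
	// Singleton pattern:
	// 1. the constructor is private,
	// 2. the class creates its own single instance,
	// 3. a static method hands that instance out.

	private TokenProcessor() {
	}

	public static final TokenProcessor instance = new TokenProcessor();

	// SecureRandom is safe for concurrent use, so one shared generator is enough.
	private static final java.security.SecureRandom RANDOM = new java.security.SecureRandom();

	/**
	 * Returns the single shared instance.
	 *
	 * @return the singleton {@code TokenProcessor}
	 */
	public static TokenProcessor getInstance() {
		return instance;
	}

	/**
	 * Creates a new random token.
	 *
	 * @return 16 random bytes encoded as 22 characters of unpadded URL-safe Base64,
	 *         so the value contains only letters, digits, {@code -} and {@code _}
	 *         and needs no escaping in an HTML attribute or a query string
	 */
	public String generateToken() {
		byte[] raw = new byte[16];
		RANDOM.nextBytes(raw);
		return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
	}
}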

 测试servlet

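/**
 * Receives the form submission and accepts it only when the request carries the
 * token currently stored in the session under {@code "token"}.
 *
 * <p>The token is single-use: {@link #isToken} removes it in the same synchronized
 * step that validates it. Previously the removal happened in {@code doGet} after
 * the check had returned, so two simultaneous submissions could both pass the
 * check before either removed the token.
 */
public class FormSubmitServlet extends HttpServlet {

	/**
	 * Processes a submission if its token is valid, otherwise rejects it.
	 *
	 * @param request  the submission; expected to carry {@code token} and {@code username}
	 * @param response receives a 400 status when the token is missing, wrong or already used
	 * @throws ServletException declared by the servlet contract
	 * @throws IOException      if the error status cannot be sent
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		if (!isToken(request)) {
			// Missing, mismatching or already consumed token: refuse the submission
			// and tell the client, instead of returning an empty 200 page.
			System.out.println("你是重复提交!!");
			response.sendError(HttpServletResponse.SC_BAD_REQUEST);
			return;
		}

		// The token was valid and isToken has already removed it from the session,
		// so a replay of this same request is rejected above.
		String username = request.getParameter("username");
		// Placeholder for persisting the submitted data.
		// NOTE(review): username is request data printed unmodified; strip line breaks
		// before writing it to a real log.
		System.out.println("处理提交请求,把" + username + "保存到数库中!!");
	}

	/**
	 * Validates the submitted token against the session copy and consumes it.
	 *
	 * <p>The method is {@code synchronized} on this servlet, so check and removal form
	 * one step for all requests served by this instance. NOTE(review): this assumes
	 * the container uses a single instance of the servlet and does not replicate the
	 * session to other nodes; confirm for the deployment.
	 *
	 * @param request the submission to inspect
	 * @return {@code true} if the request token matched the session token, which has
	 *         then been removed; {@code false} otherwise
	 */
	private synchronized boolean isToken(HttpServletRequest request) {
		String clientToken = request.getParameter("token");
		if (clientToken == null) {
			return false;
		}

		// No session means the form was never served to this client; do not create one here.
		if (request.getSession(false) == null) {
			return false;
		}

		Object stored = request.getSession().getAttribute("token");
		if (!(stored instanceof String)) {
			return false;
		}

		// MessageDigest.isEqual compares in constant time, so response timing does not
		// reveal how many leading characters of a guess were right.
		byte[] expected = ((String) stored).getBytes(java.nio.charset.StandardCharsets.UTF_8);
		byte[] supplied = clientToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
		if (!java.security.MessageDigest.isEqual(expected, supplied)) {
			return false;
		}

		// Consume the token while still holding the lock.
		request.getSession().removeAttribute("token");
		return true;
	}

	/**
	 * Handles POST by delegating to {@link #doGet}.
	 *
	 * <p>NOTE(review): because of this delegation a GET request is processed as a
	 * submission too, which would put the token in the URL; consider accepting POST only.
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}

}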
 

 
