码迷,mamicode.com
首页 > 其他好文 > 详细

Session应用之---防止表单重复提交

时间:2014-11-04 01:37:34      阅读:256      评论:0      收藏:0      [点我收藏+]

标签:防表单重复提交

                                          Session应用之---防止表单重复提交

客户端防止(采用JavaScript阻止方式):
              PS:防得住君子,防不了小人

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>防表单重复提交</title>
	
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="this is my page">
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    
    <!--<link rel="stylesheet" type="text/css" href="./styles.css">-->

	<script type="text/javascript">
		/*
		var iscommitted = false;
		function dosubmit(){
			if(!iscommitted){
				iscommitted = true;
				return true;
			}else{
				return false;
			}
			
		}
		*/
		function dosubmit(){
			document.getElementById("submit").disabled = 'disabled';
			return true;
		}
		
	</script>

  </head>
  
  <body>
    <form action="/day07/servlet/FormSubmitServlet" method="post" onsubmit="return dosubmit()">
    	用户名:<input type="text" name="username"><br/>
    	<input id="submit" type="submit" value="提交">
    </form>
  </body>
</html>




服务器端防止:
       表单页面由servlet程序生成,servlet为每次产生的表单页面分配一个唯一的随机标识号,并在FORM表单的一个隐藏字段中设置这个标识号,同时在当前用户的Session域中保存这个标识号。 
       当用户提交FORM表单时,负责处理表单提交的serlvet得到表单提交的标识号,并与session中存储的标识号比较,如果相同则处理表单提交,处理完后清除当前用户的Session域中存储的标识号。
在下列情况下,服务器程序将拒绝用户提交的表单请求:
1,存储Session域中的表单标识号与表单提交的标识号不同
2,当前用户的Session中不存在表单标识号
3,用户提交的表单数据中没有标识号字段


产生表单:
package cn.itcast.form;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;
//产生表单
public class FormServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html;charset=UTF-8");
		response.setCharacterEncoding("UTF-8");
		PrintWriter  out = response.getWriter();
		
		
		String token = TokenProcessor.getInstance().generateToken();
		request.getSession().setAttribute("token", token);
		
		out.print("<form action='/day07/servlet/FormSubmitServlet' method='post'>");
			out.print("<input type='hidden' name='token' value='"+token+"'>");
			out.print("<input type='text' name='username'>");
			out.print("<input type='submit' value='提交'>");
		out.print("</form>");
		
		
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}
}

class TokenProcessor{
	//1.  把构造方法私有
	//2.  自己产生一个类的对象
	//3.  定义一个方法返回上面产生的对象
	
	private TokenProcessor(){};
	public static final TokenProcessor instance = new TokenProcessor();
	public static TokenProcessor getInstance(){
		return instance;
	}
	
	public String generateToken(){
		
		//3843849384   9849238402840243802  983434
		String token = System.currentTimeMillis() + "" + new Random().nextInt(99999999);
		
		//数据指纹 数据摘要  md5
		try {
			MessageDigest md = MessageDigest.getInstance("md5"); 
			byte md5[] = md.digest(token.getBytes());   //128位  16个字节【12,23,34,544543543543,】
			
			//base64编码    SABDSSDSD
			BASE64Encoder encoder = new BASE64Encoder();
			return encoder.encode(md5);


		} catch (NoSuchAlgorithmException e) {
			throw new RuntimeException(e);
		}
	}
}


检验是否重复提交:
package cn.itcast.form;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FormSubmitServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		boolean b = isToken(request);
		if(!b){
			//用户带过来的令牌无效,阻止提交
			System.out.println("你是重复提交!!");
			return;
		}
		
		//用户带过来的令牌有效,处理提交
		request.getSession().removeAttribute("token");
		
		String username = request.getParameter("username");
		//把用户提交的数据保存到数据库中
		System.out.println("处理提交请求,把" + username + "保存到数库中!!");
		
	}

	//判断用户带过来的令牌是否有效
	private synchronized boolean isToken(HttpServletRequest request) {
		String client_token = request.getParameter("token");
		if(client_token==null){
			return false;
		}
		
		String server_token = (String) request.getSession().getAttribute("token");
		if(server_token==null){
			return false;
		}
		
		if(!client_token.equals(server_token)){
			return false;
		}
		
		return true;
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}

}



Session应用之---防止表单重复提交

标签:防表单重复提交

原文地址:http://blog.csdn.net/u010590318/article/details/40757857

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!