用户输入FormServlet链接
FormServlet -> form.jsp -> DoFormServlet
FormServlet:产生token,放在session中
form.jsp:通过 hidden 隐藏域拿到 token 数据,并随表单一同提交到 DoFormServlet
DoFormServlet:检测是否重复提交表单
//FormServlet
//产生表单 public class FormServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //产生随机数,表单号 TokenProcessor tp = TokenProcessor.getInstance(); String token = tp.generateToken(); request.getSession().setAttribute("token", token); request.getRequestDispatcher("/form.jsp").forward(request,response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request,response); } } //随机数发生器 class TokenProcessor{ private TokenProcessor(){} private static final TokenProcessor instance = new TokenProcessor(); public static TokenProcessor getInstance(){ return instance; } public String generateToken(){ String token = System.currentTimeMillis()+new Random().nextInt()+""; try { MessageDigest md = MessageDigest.getInstance("md5"); byte[] md5 = md.digest(token.getBytes()); BASE64Encoder encode = new BASE64Encoder(); return encode.encode(md5); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block throw new RuntimeException(); } } }
//form.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Form page reached by forward from FormServlet. It posts the user name
     together with the one-time token to DoFormServlet. --%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My jsp</title>
</head>
<body>
<%-- NOTE(review): the action hard-codes the /NANA context path; the form
     breaks if the application is deployed under another name. --%>
<form action="/NANA/servlet/DoFormServlet" method="post">
<%-- ${token} resolves to the "token" attribute FormServlet stored in the
     session. EL writes it without HTML escaping; that is acceptable only
     while the value is server-generated Base64 text. NOTE(review): escape it
     if the attribute could ever hold request-derived data. --%>
<input type="hidden" name="token" value="${token}">
用户名:<input type="text" name="username"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
DoFormServlet:
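/**
 * Receives the form submission and rejects duplicates by checking the
 * one-time token from the hidden field against the one held in the session.
 */
public class DoFormServlet extends HttpServlet {

    // Guards the check-then-remove of the session token. Without it, two
    // near-simultaneous submissions of the same form (e.g. a double click)
    // can both pass validation before either removes the token, which is
    // exactly the duplicate the token exists to prevent.
    private final Object tokenLock = new Object();

    /**
     * Accepts the submission once per issued token.
     *
     * <p>Prints {@code "submitted"} and returns when the token is missing or
     * does not match; otherwise consumes the token and prints
     * {@code "success,insert user"}.
     *
     * <p>NOTE(review): {@link #doPost} delegates here, so this state-changing
     * action is also reachable via GET, where the token travels in the URL
     * (browser history, access logs, Referer). Consider handling the
     * submission in doPost only.
     *
     * @param request  the submission; parameter {@code "token"} is read
     * @param response unused
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        boolean accepted;
        synchronized (tokenLock) {
            accepted = isTokenValid(request);
            if (accepted) {
                // Consume the token inside the lock so it can be used only once.
                request.getSession().removeAttribute("token");
            }
        }
        if (!accepted) {
            System.out.println("submitted");
            return;
        }
        System.out.println("success,insert user");
    }

    /**
     * Checks the submitted token against the session's token.
     *
     * @param request the submission
     * @return {@code true} only when both tokens are present and identical
     */
    private boolean isTokenValid(HttpServletRequest request) {
        String clientToken = request.getParameter("token");
        if (clientToken == null) {
            return false;
        }
        String serverToken = (String) request.getSession().getAttribute("token");
        if (serverToken == null) {
            return false;
        }
        // The token is Base64 text, which is case-sensitive: the former
        // equalsIgnoreCase accepted values that differ from the issued token.
        // Compare exactly, and in constant time so the comparison does not
        // reveal how many leading characters matched.
        return java.security.MessageDigest.isEqual(
                clientToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                serverToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /** Handles POST exactly like GET. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}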