Import the Token class in the JSP page:
<%@ page import="com.shmc.union.webapp.action.login.Token" %>
Add a hidden token field to the form:
<input type="hidden" id="token" name="<%=Token.TOKEN_STRING_NAME %>" value="<%=Token.getTokenString(session) %>">
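Validate the token in the Java code:
// log4j logger, named after the action class that performs the check
private final Logger logger = Logger.getLogger(getClass());
// Read the parameter under the same name the hidden form field uses
String submittedToken = this.getRequest().getParameter(Token.TOKEN_STRING_NAME);
// Reject the request unless the submitted token matches the one held in the session
if (!Token.isTokenStringValid(submittedToken, this.getRequest().getSession())) {
    // Logged at WARN so the rejection is visible at production log levels; the token value is not logged
    logger.warn("CSRF attack detected. URL: region_edit.do");
    return "fail";
}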
Token.java: https://files.cnblogs.com/files/chonghaojie/Token.zip
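
Token.java is only linked above, not shown. The following is an added sketch, not the contents of Token.zip, of what a session-bound token helper with the same two method names could do. The Map standing in for HttpSession attributes, the value of TOKEN_STRING_NAME and the one-token-per-session lifetime are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added sketch; not the Token class from the linked archive.
public class CsrfTokenSketch {
    // Assumed value; the page only shows the constant's name.
    static final String TOKEN_STRING_NAME = "token";
    private static final SecureRandom RNG = new SecureRandom();

    // The Map stands in for HttpSession.getAttribute/setAttribute (assumption).
    // Returns the session's token, creating it on first use.
    static String getTokenString(Map<String, Object> session) {
        synchronized (session) {
            String token = (String) session.get(TOKEN_STRING_NAME);
            if (token == null) {
                byte[] raw = new byte[32]; // 256 bits from a CSPRNG
                RNG.nextBytes(raw);
                // URL-safe Base64 has no characters that need HTML escaping
                token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.put(TOKEN_STRING_NAME, token);
            }
            return token;
        }
    }

    // Fails closed on a missing parameter or a session that never issued a token.
    static boolean isTokenStringValid(String submitted, Map<String, Object> session) {
        Object expected = session.get(TOKEN_STRING_NAME);
        if (submitted == null || !(expected instanceof String)) {
            return false;
        }
        // MessageDigest.isEqual compares without leaking the mismatch position
        return MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                ((String) expected).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String rendered = getTokenString(session); // value written into the hidden field
        System.out.println("same session:    " + isTokenStringValid(rendered, session));
        System.out.println("missing param:   " + isTokenStringValid(null, session));
        System.out.println("guessed value:   " + isTokenStringValid("guess", session));
        System.out.println("other session:   " + isTokenStringValid(rendered, new HashMap<>()));
    }
}
```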