Session进修:防止用户反复提交表单(单态设计模式-原子设计模式+MD5技巧&Base6
添加时间:2013-6-11 点击量:
1,FormServlet.java 设计一个表单提交数据,防止用户反复提交数据到办事器,实现阻拦代码如下:
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
//负责产生表单
public class FormServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType(text/html;charset=UTF-8);
PrintWriter out = response.getWriter();
String token = TokenProccessor.getInstance().makeToken();
request.getSession().setAttribute(token, token); //在办事器端保存随机数
out.println(<form action=/day07/servlet/DoFormServlet method=post>);
out.write(<input type=hidden name=token value=+token+>);
out.println(用户名:<input type=text name=username>);
out.println(<input type=submit value=提交>);
out.println(</form>);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
class TokenProccessor{//应用令牌生成随机数 应用到MD5技巧 和 BASE 64技巧
/
单态设计模式(包管类的对象在内存中只有一个)
1、把类的机关函数私有
2、本身创建一个类的对象
3、对外供给一个公共的办法,返回类的对象
/
private TokenProccessor(){}
private static final TokenProccessor instance = new TokenProccessor();
public static TokenProccessor getInstance(){
return instance;
}
public String makeToken(){ //checkException
// 7346734837483 834u938493493849384 43434384
String token = (System.currentTimeMillis() + new Random().nextInt(999999999)) + ;
//数据指纹 128位长 16个字节 md5
try {
MessageDigest md = MessageDigest.getInstance(md5);
byte md5[] = md.digest(token.getBytes());
//base64编码--随便率性二进制编码明文字符 adfsdfsdfsf
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
}
2,DoFormServlet.java 分别在客户端和办事器端阻拦反复提交数据功能实现,代码如下:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class DoFormServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
boolean b = isToken(request); //断定用户是否是反复提交
if(b==true){
System.out.println(请不要反复提交);
return;
}
request.getSession().removeAttribute(token);
System.out.println(处理惩罚用户提交恳求!!);
}
private boolean isToken(HttpServletRequest request) {
String client_token = request.getParameter(token);
if(client_token==null){//断定客户端令牌是否为空
return true;
}
String server_token = (String) request.getSession().getAttribute(token);
if(server_token==null){//断定办事器端令牌是否为空
return true;
}
if(!client_token.equals(server_token)){//断定客服端令牌与办事器端令牌是否一致
return true;
}
return false;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
我们永远不要期待别人的拯救,只有自己才能升华自己。自己已准备好了多少容量,方能吸引对等的人与我们相遇,否则再美好的人出现、再动人的事情降临身边,我们也没有能量去理解与珍惜,终将擦肩而过。—— 姚谦《品味》
1,FormServlet.java 设计一个表单提交数据,防止用户反复提交数据到办事器,实现阻拦代码如下:
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
//负责产生表单
public class FormServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType(text/html;charset=UTF-8);
PrintWriter out = response.getWriter();
String token = TokenProccessor.getInstance().makeToken();
request.getSession().setAttribute(token, token); //在办事器端保存随机数
out.println(<form action=/day07/servlet/DoFormServlet method=post>);
out.write(<input type=hidden name=token value=+token+>);
out.println(用户名:<input type=text name=username>);
out.println(<input type=submit value=提交>);
out.println(</form>);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
class TokenProccessor{//应用令牌生成随机数 应用到MD5技巧 和 BASE 64技巧
/
单态设计模式(包管类的对象在内存中只有一个)
1、把类的机关函数私有
2、本身创建一个类的对象
3、对外供给一个公共的办法,返回类的对象
/
private TokenProccessor(){}
private static final TokenProccessor instance = new TokenProccessor();
public static TokenProccessor getInstance(){
return instance;
}
public String makeToken(){ //checkException
// 7346734837483 834u938493493849384 43434384
String token = (System.currentTimeMillis() + new Random().nextInt(999999999)) + ;
//数据指纹 128位长 16个字节 md5
try {
MessageDigest md = MessageDigest.getInstance(md5);
byte md5[] = md.digest(token.getBytes());
//base64编码--随便率性二进制编码明文字符 adfsdfsdfsf
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
}
2,DoFormServlet.java 分别在客户端和办事器端阻拦反复提交数据功能实现,代码如下:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class DoFormServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
boolean b = isToken(request); //断定用户是否是反复提交
if(b==true){
System.out.println(请不要反复提交);
return;
}
request.getSession().removeAttribute(token);
System.out.println(处理惩罚用户提交恳求!!);
}
private boolean isToken(HttpServletRequest request) {
String client_token = request.getParameter(token);
if(client_token==null){//断定客户端令牌是否为空
return true;
}
String server_token = (String) request.getSession().getAttribute(token);
if(server_token==null){//断定办事器端令牌是否为空
return true;
}
if(!client_token.equals(server_token)){//断定客服端令牌与办事器端令牌是否一致
return true;
}
return false;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
我们永远不要期待别人的拯救,只有自己才能升华自己。自己已准备好了多少容量,方能吸引对等的人与我们相遇,否则再美好的人出现、再动人的事情降临身边,我们也没有能量去理解与珍惜,终将擦肩而过。—— 姚谦《品味》
