JavaWeb中HttpSession中表单的重复提交示例

网友投稿 248 2023-06-06


JavaWeb中HttpSession中表单的重复提交示例

表单的重复提交

重复提交的情况:

①. 在表单提交到一个 Servlet,而 Servlet 又通过请求转发的方式响应了一个 jsP(HTML)页面,此时地址栏还保留着 Servlet 的那个路径,在响应页面点击 “刷新”。

②. 在响应页面没有到达时,重复点击 “提交按钮”

③. 点击返回,再点击提交

不是重复提交的情况:点击 “返回”,“刷新” 原表单页面,再点击提交。

如何避免表单的重复提交:在表单中做一个标记,提交到 Servlet 时,检查标记是否存在且和预定义的标记一样,若一致,则受理请求,并销毁标记,若不一致或没有标记,则直接响应提示信息:“重复提交”

①仅提供一个隐藏域不行:

②把标记放在 Request 中 , 行不通,表单页面刷新后,request 已经被销毁,再提交表单是一个新的 request 的。

③把标记放在 Session 中,可以

1. 在原表单页面,生成一个随机值 token

2. 在原表单页面,把 token 值放入 session 属性中

3. 在原表单页面,把 token 值放入到隐藏域

4. 在目标的 Servlet 中:获取 session 和隐藏域中的 token 值

比较两个值是否一致,受理请求,且把 session 域中的 token 属性清除,若不一致,则直接响应提示页面:“重复提交”

我们可以通过 Struts1 中写好的类 TokenProcessor 来重构代码, 面向组件编程

package com.lsy.javaweb;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpSession;

import java.security.MessageDigest;

import java.security.NoSuchAlgorithmException;

public class TokenProcessor {

private static final String TOKEN_KEY = "TOKEN_KEY";

private static final String TRANSACTION_TOKEN_KEY = "TRANSACTION_TOKEN_KEY";

/**

* The singleton instance of this class.

*/

private static TokenProcessor instance = new TokenProcessor();

/**

* The timestamp used most recently to generate a token value.

*/

private long previous;

/**

* Protected constructor for TokenProcessor. Use

* TokenPrhttp://ocessor.getInstance() to obtain a reference to the processor.

*/

protected TokenProcessor() {

super();

}

/**

* Retrieves the singleton instance of this class.

*/

public static TokenProcessor getInstance() {

return instance;

}

/**

*

* Return true</code> if there is a transaction token stored in the

* user's current session, and the value submitted as a request parameter

* with this action matches it. Returns false under any of the

* following circumstances:

*

*

*

*

*

*

*

*

*

*

*

* token in the user's session

*

*

*

* @param request

* The servlet request we are processing

*/

public synchronized boolean isTokenValid(HttpServletRequest request) {

return this.isTokenValid(request, false);

}

/**

* Return true if there is a transaction token stored in the

* user's current session, and the value submitted as a request parameter

* with this action matches it. Returns false

*

*

*

*

*

*

*

*

*

* token in the user's session

*

*

*

* @param request

* The servlet request we are processing

* @param reset

* Should we reset the token after checking it?

*/

public synchronized boolean isTokenValid(HttpServletRequest request, boolean reset) {

// Retrieve the current session for this request

HttpSession session =sqJrj request.getSession(false);

if (session == null) {

return false;

}

// Retrieve the transaction token from this session, and

// reset it if requested

String saved = (String) session.getAttribute(TRANSACTION_TOKEN_KEY);

if (saved == null) {

return false;

}

if (reset) {

this.resetToken(request);

}

// Retrieve the transaction token included in this request

String token = request.getParameter(TOKEN_KEY);

if (token == null) {

return false;

}

return saved.equals(token);

}

/**

* Reset the saved transaction token in the user's session. This indicates

* that transactional token checking will not be needed on the next request

* that is submitted.

*

* @param request

* The servlet request we are processing

*/

public synchronized void resetToken(HttpServletRequest request) {

HttpSession session = request.getSession(false);

if (session == null) {

return;

}

session.removeAttribute(TRANSACTION_TOKEN_KEY);

}

/**

* Save a new transaction token in the user's current session, creating a

* new session if necessary.

*

* @param request

* The servlet request we are processing

*/

public synchronized String saveToken(HttpServletRequest request) {

HttpSession session = request.getSession();

String token = generateToken(request);

if (token != null) {

session.setAttribute(TRANSACTION_TOKEN_KEY, token);

}

return token;

}

/**

* Generate a new transaction token, to be used for enforcing a single

* request for a particular transaction.

*

* @param request

* The request we are processing

*/

public synchronized String generateToken(HttpServletRequest request) {

HttpSession session = request.getSession();

return generateToken(session.getId());

}

/**

* Generate a new transaction token, to be used for enforcing a single

* request for a particular transaction.

*

* @param id

* a unique Identifier for the session or other context in which

* this token is to be used.

*/

public synchronized String generateToken(String id) {

try {

long current = System.currentTimeMillis();

if (current == previous) {

current++;

}

previous = current;

byte[] now = new Long(current).toString().getBytes();

MessageDigest md = MessageDigest.getInstance("MD5");

md.update(id.getBytes());

md.update(now);

return toHex(md.digest());

} catch (NoSuchAlgorithmException e) {

return null;

}

}

/**

* Convert a byte array to a String of hexadecimal digits and return it.

*

* @param buffer

* The byte array to be converted

*/

private String toHex(byte[] buffer) {

StringBuffer sb = new StringBuffer(buffer.length * 2);

for (int i = 0; i < buffer.length; i++) {

sb.append(Character.forDigit((buffer[i] & 0xf0) >> 4, 16));

sb.append(Character.forDigit(buffer[i] & 0x0f, 16));

}

return sb.toString();

}

}

以上所述是给大家介绍的JavaWeb中HttpSession中表单的重复提交示例,希望对大家有所帮助,如果大家有任何疑问请给我留言,会及时回复大家的。在此也非常感谢大家对我们网站的支持!


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:Java中char[]输出不是内存地址的原因详解
下一篇:java 使用异常的好处总结
相关文章

 发表评论

暂时没有评论,来抢沙发吧~