自学Servlet_10_session(关于表单)
防止表单重复提交:
首先,在前台用js禁止。
其次:用session禁止(重点)。
许多框架的工作原理:
?
//产生表单public class FormServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {response.setContentType("text/html;charset=UTF-8");response.setCharacterEncoding("UTF-8");PrintWriter out = response.getWriter();String token = TokenProcessor.getInstance().generateToken();request.getSession().setAttribute("token", token);out.print("<form action='/day07/servlet/FormSubmitServlet' method='post'>");out.print("<input type='hidden' name='token' value='"+token+"'>");out.print("<input type='text' name='username'>");out.print("<input type='submit' value='提交'>");out.print("</form>");}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}class TokenProcessor{//1. 把构造方法私有//2. 自己产生一个类的对象//3. 定义一个方法返回上面产生的对象private TokenProcessor(){};public static final TokenProcessor instance = new TokenProcessor();public static TokenProcessor getInstance(){return instance;}public String generateToken(){//3843849384 9849238402840243802 983434String token = System.currentTimeMillis() + "" + new Random().nextInt(99999999);//数据指纹 数据摘要 md5try {MessageDigest md = MessageDigest.getInstance("md5"); byte md5[] = md.digest(token.getBytes()); //128位 16【12,23,34,544543543543,】//base64编码 SABDSSDSDBASE64Encoder encoder = new BASE64Encoder();return encoder.encode(md5);} catch (NoSuchAlgorithmException e) {throw new RuntimeException(e);}}}
?测试servlet
public class FormSubmitServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {boolean b = isToken(request);if(!b){//用户带过来的令牌无效,阻止提交System.out.println("你是重复提交!!");return;}//用户带过来的令牌有效,处理提交request.getSession().removeAttribute("token");String username = request.getParameter("username");//把用户提交的数据保存到数据库中System.out.println("处理提交请求,把" + username + "保存到数库中!!");}//判断用户带过来的令牌是否有效private synchronized boolean isToken(HttpServletRequest request) {String client_token = request.getParameter("token");if(client_token==null){return false;}String server_token = (String) request.getSession().getAttribute("token");if(server_token==null){return false;}if(!client_token.equals(server_token)){return false;}return true;}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}?
?