JavaWeb中HttpSession中表單的重復(fù)提交示例
表單的重復(fù)提交
作為一家“創(chuàng)意+整合+營銷”的成都網(wǎng)站建設(shè)機(jī)構(gòu),我們在業(yè)內(nèi)良好的客戶口碑。成都創(chuàng)新互聯(lián)公司提供從前期的網(wǎng)站品牌分析策劃、網(wǎng)站設(shè)計(jì)、成都網(wǎng)站制作、網(wǎng)站建設(shè)、外貿(mào)網(wǎng)站建設(shè)、創(chuàng)意表現(xiàn)、網(wǎng)頁制作、系統(tǒng)開發(fā)以及后續(xù)網(wǎng)站營銷運(yùn)營等一系列服務(wù),幫助企業(yè)打造創(chuàng)新的互聯(lián)網(wǎng)品牌經(jīng)營模式與有效的網(wǎng)絡(luò)營銷方法,創(chuàng)造更大的價(jià)值。
- 重復(fù)提交的情況:
①. 在表單提交到一個(gè) Servlet,而 Servlet 又通過請求轉(zhuǎn)發(fā)的方式響應(yīng)了一個(gè) JSP(HTML)頁面,此時(shí)地址欄還保留著 Servlet 的那個(gè)路徑,在響應(yīng)頁面點(diǎn)擊 “刷新”。
②. 在響應(yīng)頁面沒有到達(dá)時(shí),重復(fù)點(diǎn)擊 “提交按鈕”
③. 點(diǎn)擊返回,再點(diǎn)擊提交
- 不是重復(fù)提交的情況:點(diǎn)擊 “返回”,“刷新” 原表單頁面,再點(diǎn)擊提交。
- 如何避免表單的重復(fù)提交:在表單中做一個(gè)標(biāo)記,提交到 Servlet 時(shí),檢查標(biāo)記是否存在且和預(yù)定義的標(biāo)記一樣,若一致,則受理請求,并銷毀標(biāo)記,若不一致或沒有標(biāo)記,則直接響應(yīng)提示信息:“重復(fù)提交”
①僅提供一個(gè)隱藏域不行:<input type="hidden" name="token" value="lsy">
②把標(biāo)記放在 Request 中 , 行不通,表單頁面刷新后,request 已經(jīng)被銷毀,再提交表單是一個(gè)新的 request 的。
③把標(biāo)記放在 Session 中,可以
1. 在原表單頁面,生成一個(gè)隨機(jī)值 token
2. 在原表單頁面,把 token 值放入 session 屬性中
3. 在原表單頁面,把 token 值放入到隱藏域
4. 在目標(biāo)的 Servlet 中:獲取 session 和隱藏域中的 token 值
比較兩個(gè)值是否一致,受理請求,且把 session 域中的 token 屬性清除,若不一致,則直接響應(yīng)提示頁面:“重復(fù)提交”
我們可以通過 Struts1 中寫好的類 TokenProcessor 來重構(gòu)代碼, 面向組件編程
package com.lsy.javaweb;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class TokenProcessor {
private static final String TOKEN_KEY = "TOKEN_KEY";
private static final String TRANSACTION_TOKEN_KEY = "TRANSACTION_TOKEN_KEY";
/**
* The singleton instance of this class.
*/
private static TokenProcessor instance = new TokenProcessor();
/**
* The timestamp used most recently to generate a token value.
*/
private long previous;
/**
* Protected constructor for TokenProcessor. Use
* TokenProcessor.getInstance() to obtain a reference to the processor.
*/
protected TokenProcessor() {
super();
}
/**
* Retrieves the singleton instance of this class.
*/
public static TokenProcessor getInstance() {
return instance;
}
/**
* <p>
* Return <code>true</code> if there is a transaction token stored in the
* user's current session, and the value submitted as a request parameter
* with this action matches it. Returns <code>false</code> under any of the
* following circumstances:
* </p>
*
* <ul>
*
* <li>No session associated with this request</li>
*
* <li>No transaction token saved in the session</li>
*
* <li>No transaction token included as a request parameter</li>
*
* <li>The included transaction token value does not match the transaction
* token in the user's session</li>
*
* </ul>
*
* @param request
* The servlet request we are processing
*/
public synchronized boolean isTokenValid(HttpServletRequest request) {
return this.isTokenValid(request, false);
}
/**
* Return <code>true</code> if there is a transaction token stored in the
* user's current session, and the value submitted as a request parameter
* with this action matches it. Returns <code>false</code>
*
* <ul>
*
* <li>No session associated with this request</li>
* <li>No transaction token saved in the session</li>
*
* <li>No transaction token included as a request parameter</li>
*
* <li>The included transaction token value does not match the transaction
* token in the user's session</li>
*
* </ul>
*
* @param request
* The servlet request we are processing
* @param reset
* Should we reset the token after checking it?
*/
public synchronized boolean isTokenValid(HttpServletRequest request, boolean reset) {
// Retrieve the current session for this request
HttpSession session = request.getSession(false);
if (session == null) {
return false;
}
// Retrieve the transaction token from this session, and
// reset it if requested
String saved = (String) session.getAttribute(TRANSACTION_TOKEN_KEY);
if (saved == null) {
return false;
}
if (reset) {
this.resetToken(request);
}
// Retrieve the transaction token included in this request
String token = request.getParameter(TOKEN_KEY);
if (token == null) {
return false;
}
return saved.equals(token);
}
/**
* Reset the saved transaction token in the user's session. This indicates
* that transactional token checking will not be needed on the next request
* that is submitted.
*
* @param request
* The servlet request we are processing
*/
public synchronized void resetToken(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session == null) {
return;
}
session.removeAttribute(TRANSACTION_TOKEN_KEY);
}
/**
* Save a new transaction token in the user's current session, creating a
* new session if necessary.
*
* @param request
* The servlet request we are processing
*/
public synchronized String saveToken(HttpServletRequest request) {
HttpSession session = request.getSession();
String token = generateToken(request);
if (token != null) {
session.setAttribute(TRANSACTION_TOKEN_KEY, token);
}
return token;
}
/**
* Generate a new transaction token, to be used for enforcing a single
* request for a particular transaction.
*
* @param request
* The request we are processing
*/
public synchronized String generateToken(HttpServletRequest request) {
HttpSession session = request.getSession();
return generateToken(session.getId());
}
/**
* Generate a new transaction token, to be used for enforcing a single
* request for a particular transaction.
*
* @param id
* a unique Identifier for the session or other context in which
* this token is to be used.
*/
public synchronized String generateToken(String id) {
try {
long current = System.currentTimeMillis();
if (current == previous) {
current++;
}
previous = current;
byte[] now = new Long(current).toString().getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(id.getBytes());
md.update(now);
return toHex(md.digest());
} catch (NoSuchAlgorithmException e) {
return null;
}
}
/**
* Convert a byte array to a String of hexadecimal digits and return it.
*
* @param buffer
* The byte array to be converted
*/
private String toHex(byte[] buffer) {
StringBuffer sb = new StringBuffer(buffer.length * 2);
for (int i = 0; i < buffer.length; i++) {
sb.append(Character.forDigit((buffer[i] & 0xf0) >> 4, 16));
sb.append(Character.forDigit(buffer[i] & 0x0f, 16));
}
return sb.toString();
}
}以上所述是小編給大家介紹的JavaWeb中HttpSession中表單的重復(fù)提交示例,希望對大家有所幫助,如果大家有任何疑問請給我留言,小編會(huì)及時(shí)回復(fù)大家的。在此也非常感謝大家對創(chuàng)新互聯(lián)網(wǎng)站的支持!
網(wǎng)站標(biāo)題:JavaWeb中HttpSession中表單的重復(fù)提交示例
標(biāo)題路徑:http://www.chinadenli.net/article42/gccsec.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供動(dòng)態(tài)網(wǎng)站、微信小程序、企業(yè)網(wǎng)站制作、虛擬主機(jī)、做網(wǎng)站、網(wǎng)站導(dǎo)航
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場,如需處理請聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來源: 創(chuàng)新互聯(lián)
- 如何實(shí)現(xiàn)全網(wǎng)營銷? 2015-08-08
- 全網(wǎng)營銷怎么為企業(yè)帶來更多潛在客戶? 2015-06-22
- 企業(yè)如何搞好全網(wǎng)營銷推廣呢 2021-12-16
- 全網(wǎng)營銷推廣來幫助你 2023-03-06
- 如何利用全網(wǎng)營銷超越競爭對手? 2015-08-04
- 互聯(lián)網(wǎng)營銷時(shí)代,全網(wǎng)營銷推廣才是重點(diǎn) 2021-02-02
- 全網(wǎng)營銷可以從哪些地方著手呢? 2014-07-07
- 全網(wǎng)營銷時(shí)代網(wǎng)絡(luò)營銷基本要素環(huán)節(jié)有哪些需要特別注意 2016-08-17
- 全網(wǎng)營銷有步驟嗎? 2015-06-23
- 北京全網(wǎng)營銷外包公司敘述新聞營銷的巨大價(jià)值 2015-07-11
- 企業(yè)手機(jī)網(wǎng)站建設(shè)在全網(wǎng)營銷趨勢下的意義 2014-02-06
- 全網(wǎng)營銷之seo軟文營銷作用及技巧! 2016-11-07