1.Token.java
package com.homelink.sales.module.newowner.util;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
* 令牌工具类,用来生成令牌及判断令牌是否一致
* @author zmy
* @version 1.0 新增 2015-10-29
*/
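public class Token {
    /**
     * Unused scratch map. Kept only because it is public and callers may
     * reference it; it plays no part in token handling.
     */
    public HashMap<String, Object> map = new HashMap<String, Object>();

    /** Session attribute that holds the outstanding tokens as ",uuid,uuid,...". */
    private static final String SESSION_KEY = "_token";

    /**
     * Longest stored list accepted before the oldest entry is dropped. Each entry
     * is "," plus a 36-character UUID (37 chars), so this keeps at most five.
     */
    private static final int MAX_LENGTH = 185;

    /**
     * Returns a fresh random UUID string (36 characters).
     * UUID.randomUUID() is specified to use a cryptographically strong PRNG,
     * so the value is unpredictable and suitable as a one-time token.
     *
     * @return a new random UUID in canonical text form
     */
    public static String getUUID() {
        return UUID.randomUUID().toString();
    }

    /**
     * Creates a new token, stores it in the session and returns it.
     *
     * The newest token is prepended to the stored list ("," + uuid + older
     * entries). When the list grows beyond {@link #MAX_LENGTH} the last (oldest)
     * entry is cut off, so at most five tokens are outstanding per session.
     *
     * @param session the caller's session; must not be null
     * @return the newly issued token (the UUID only, without the "," prefix)
     */
    public static String add(HttpSession session) {
        Object existing = session.getAttribute(SESSION_KEY);
        String stored = existing == null ? "" : String.valueOf(existing);
        String uuid = getUUID();
        // Newest entry first; every entry is "," followed by the UUID.
        stored = "," + uuid + stored;
        if (stored.length() > MAX_LENGTH) {
            // Drop everything from the last separator on, i.e. the oldest entry.
            stored = stored.substring(0, stored.lastIndexOf(','));
        }
        session.setAttribute(SESSION_KEY, stored);
        return uuid;
    }

    /**
     * Checks that {@code systoken} is one of the tokens stored in the session
     * and, if so, consumes it (removes it from the stored list) so it cannot be
     * replayed.
     *
     * Security note: the submitted value is compared against each WHOLE stored
     * entry. The earlier implementation used {@code indexOf(systoken)}, which
     * accepted any substring of the stored list (a single "-" was enough to
     * pass) and could throw StringIndexOutOfBoundsException when the match
     * landed at offset 0 or when no token was stored ("null"). Whole-entry
     * comparison is done with {@link MessageDigest#isEqual} so the comparison
     * time does not depend on how many leading characters agree.
     *
     * No session is created here: a request without a session cannot hold a
     * valid token and is simply rejected.
     *
     * @param request  the current request
     * @param systoken the token submitted by the client (may be null/blank)
     * @return Boolean.TRUE if the token was outstanding and has now been consumed,
     *         Boolean.FALSE otherwise
     */
    public static Boolean check(HttpServletRequest request, String systoken) {
        String uuid = systoken;
        if (StringUtil.isNulls(new String[] { uuid })) {
            return Boolean.FALSE;
        }
        HttpSession session = request.getSession(false);
        if (session == null) {
            return Boolean.FALSE;
        }
        Object attr = session.getAttribute(SESSION_KEY);
        if (attr == null) {
            return Boolean.FALSE;
        }
        String stored = String.valueOf(attr);
        // stored always starts with ",", so entries[0] is the empty string.
        String[] entries = stored.split(",", -1);
        byte[] submitted = uuid.getBytes(StandardCharsets.UTF_8);
        int match = -1;
        for (int i = 0; i < entries.length; i++) {
            byte[] candidate = entries[i].getBytes(StandardCharsets.UTF_8);
            if (candidate.length == submitted.length
                    && MessageDigest.isEqual(candidate, submitted)) {
                match = i;
                break;
            }
        }
        if (match < 0) {
            return Boolean.FALSE;
        }
        // Consume the token: rebuild the list without the matched entry, keeping
        // the same "," + uuid layout that add() writes.
        StringBuilder remaining = new StringBuilder();
        for (int i = 0; i < entries.length; i++) {
            if (i != match && !entries[i].isEmpty()) {
                remaining.append(',').append(entries[i]);
            }
        }
        session.setAttribute(SESSION_KEY, remaining.toString());
        return Boolean.TRUE;
    }

    /**
     * No-op, retained for source/binary compatibility. Tokens are removed from
     * the session individually by {@link #check} when they are used.
     *
     * @param request ignored
     * @deprecated tokens are consumed by {@link #check}; nothing to remove here
     */
    @Deprecated
    public static void remove(HttpServletRequest request) {
    }
}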
StringUtil.isNulls(String[])
/**
* 判断一个数组是否为空
* @param values 数组
* @return
*/
public static boolean isNulls(String[] values) {
    // No array, or an array with no elements, counts as "null".
    if (values == null || values.length == 0) {
        return true;
    }
    // A single null element, or one made only of whitespace (regex \s*,
    // which also accepts the empty string), makes the whole array "null".
    for (int i = 0; i < values.length; i++) {
        String item = values[i];
        if (item == null) {
            return true;
        }
        if (item.matches("\\s*")) {
            return true;
        }
    }
    return false;
}
Struts的令牌机制,源码解析(参考:http://blog.sina.cn/dpool/blog/s/blog_59d78c8f0100bkgu.html?vt=4)
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
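public class TokenUtil {
    /**
     * Generates a transaction token for this request and stores it in the
     * session under Globals.TRANSACTION_TOKEN_KEY. Nothing is stored when
     * generateToken() returns null. A session is created if none exists.
     *
     * NOTE(review): generateToken(), Globals and Constants are not declared in
     * this listing; it is an excerpt and they come from the surrounding Struts
     * classes.
     *
     * @param request the current request
     */
    public synchronized void saveToken(HttpServletRequest request) {
        HttpSession session = request.getSession();
        String token = generateToken(request);
        if (token != null) {
            session.setAttribute(Globals.TRANSACTION_TOKEN_KEY, token);
        }
    }

    /**
     * Renders the session's transaction token as a hidden form field named
     * Constants.TOKEN_KEY so the next submit carries it back. Returns "" when
     * there is no session or no saved token.
     *
     * The original listing had the string literals mangled into single-quoted
     * character literals and a stray "r />" on the return line; they are
     * restored here as ordinary double-quoted strings.
     *
     * NOTE(review): pageContext and isXhtml() are not declared in this listing
     * (in Struts this method belongs to a JSP tag class). The token is written
     * into the attribute value unescaped; that is only acceptable because the
     * value is presumably server-generated by generateToken() — confirm before
     * reusing this for any other value.
     *
     * @return the hidden-input markup, or an empty string
     */
    protected String renderToken() {
        StringBuilder results = new StringBuilder();
        HttpSession session = pageContext.getSession();
        if (session != null) {
            String token = (String) session.getAttribute(Globals.TRANSACTION_TOKEN_KEY);
            if (token != null) {
                results.append("<input type=\"hidden\" name=\"");
                results.append(Constants.TOKEN_KEY);
                results.append("\" value=\"");
                results.append(token);
                // Self-close the element only for XHTML output.
                if (this.isXhtml()) {
                    results.append("\" />");
                } else {
                    results.append("\">");
                }
            }
        }
        return results.toString();
    }

    /**
     * Checks whether the request's Constants.TOKEN_KEY parameter equals the
     * token saved in the session.
     *
     * With reset=true the saved token is removed BEFORE the comparison, so a
     * token is single-use whether or not this check succeeds. No session is
     * created (getSession(false)); a request without one is rejected.
     *
     * NOTE(review): String.equals stops at the first differing character;
     * MessageDigest.isEqual would give a length-independent, constant-time
     * comparison if the token ever needs that guarantee.
     *
     * @param request the current request
     * @param reset   whether to remove the saved token from the session
     * @return true only if a session, a saved token and an equal request
     *         parameter all exist
     */
    public synchronized boolean isTokenValid(HttpServletRequest request,
            boolean reset) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        String saved = (String) session
                .getAttribute(Globals.TRANSACTION_TOKEN_KEY);
        if (saved == null) {
            return false;
        }
        if (reset) {
            // Consume the token before comparing, so a wrong guess also burns it.
            this.resetToken(request);
        }
        String token = request.getParameter(Constants.TOKEN_KEY);
        if (token == null) {
            return false;
        }
        return saved.equals(token);
    }

    /**
     * Removes the saved transaction token from the session, if there is one.
     * Does nothing when the request has no session.
     *
     * @param request the current request
     */
    public synchronized void resetToken(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(Globals.TRANSACTION_TOKEN_KEY);
    }
}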