1:利用UUID生成Session令牌
简单说一下逻辑：首先，GET 的 login 请求在到达 LoginServlet 之前会生成一个 UUID Session 令牌，这个令牌会在表单中显示；然后点击提交，拦截器会拦截到请求中携带的令牌，并与之前生成的 Session 令牌比较：相同则是第一次提交，不同则不是第一次提交，可以对重复提交做相应的响应处理。
项目目录结构
jsp文件
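<%-- Login form. ${token} is the per-request UUID stored in the session by the
     FileToken filter; the hidden field echoes it back so the filter can detect
     a repeated POST. ${token} and ${msg} are written unescaped: today both are
     set only by server code (the filter / LoginServlet), so keep them
     server-controlled, or render them with <c:out>, if that ever changes. --%>
<form action="login" method="post" name="login">
<div>UUID:${token}</div>
<input type="hidden" name="token" value="${token}">
UserName:<input type="text" name="username" /> <br />
Password:<input type="password" name="password" /> <br />
<div><a>${msg}</a></div>
<%-- Submit only when both fields are non-empty (compare the .value of each
     input, not the input element itself). --%>
<input type="button" value="Login" onclick="username.value != '' && password.value != '' ? login.submit() : null;">
</form>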
拦截器类
import java.io.IOException;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
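/**
 * Servlet filter that detects repeated form submissions with a per-request
 * session token. web.xml maps it to {@code /*}, so every request passes through it.
 *
 * <p>On each request the token currently stored in the session is read, a fresh
 * UUID is stored in its place (so a form rendered further down the chain, e.g.
 * {@code ${token}} in login.jsp, shows the new value), and the submitted
 * {@code token} parameter is compared with the previous value. A request whose
 * token differs from the stored one is treated as a repeat submission.
 *
 * <p>Limitations visible in this code, worth knowing before relying on it:
 * <ul>
 *   <li>A request without a {@code token} parameter, or with no stored token,
 *       is always passed through, so this filter is not a CSRF defence.</li>
 *   <li>{@code req.getSession()} creates a session for every request, including
 *       static resources, and the token is rotated on every request, so a second
 *       tab or any intermediate request invalidates an already rendered form.</li>
 *   <li>The repeat-submission branch writes no response body and sets no status;
 *       the commented-out redirect shows the intended handling.</li>
 * </ul>
 *
 * <p>The earlier version cleared the session token to {@code ""} after the chain
 * returned. That wiped the token the forwarded page had just rendered (e.g.
 * login.jsp after a failed login), so the very next submit of that form was
 * rejected as a repeat. Rotating the token before the chain already covers the
 * re-POST case, so no clearing is done afterwards.
 */
public class FileToken implements Filter {

    /** Name of the session attribute and of the request parameter carrying the token. */
    private static final String TOKEN = "token";

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Rotates the session token and decides whether the request is a first or a
     * repeated submission.
     *
     * @param request     incoming request; expected to be an {@link HttpServletRequest}
     * @param response    outgoing response (only handed down the chain)
     * @param filterChain remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            // Token handling needs an HTTP session; anything else just passes through.
            filterChain.doFilter(request, response);
            return;
        }
        HttpServletRequest req = (HttpServletRequest) request;
        HttpSession session = req.getSession();
        String serviceToken = (String) session.getAttribute(TOKEN);
        String token = req.getParameter(TOKEN);
        // Rotate before the chain runs so a page forwarded to by the servlet
        // renders the new token, and a re-POST of the old one is detected.
        session.setAttribute(TOKEN, UUID.randomUUID().toString());

        if (serviceToken == null) {
            System.out.println("serviceToken 为空!");
            filterChain.doFilter(request, response);
            return;
        }
        if (token == null) {
            System.out.println("token 为空!");
            filterChain.doFilter(request, response);
            return;
        }
        if (!serviceToken.equals(token)) {
            System.out.println("重复提交!");
            // Intended handling, not yet enabled:
            // ((HttpServletResponse) response).sendRedirect(req.getRequestURL().toString());
            return;
        }
        System.out.println("没有重复提交!");
        filterChain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No configuration parameters are read.
    }
}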
xml 配置
<!-- 判断重复提交 -->
<filter>
<filter-name>token</filter-name>
<filter-class>com.goods.util.FileToken</filter-class>
</filter>
<filter-mapping>
<filter-name>token</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 登录 -->
<servlet>
<servlet-name>login</servlet-name>
<servlet-class>com.goods.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>login</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
Servlet
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.goods.entity.User;
import com.goods.service.UserService;
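/**
 * Login endpoint: GET renders the login form, POST checks the submitted
 * credentials and stores the user in the session.
 */
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Views live under WEB-INF so they are reachable only via forward. */
    private static final String LOGIN_PAGE = "WEB-INF/jsp/login.jsp";
    private static final String HOME_PAGE = "WEB-INF/jsp/home.jsp";

    /**
     * Validates the submitted username/password and forwards to the home page on
     * success, or back to the login page with a message otherwise.
     *
     * <p>NOTE(review): after {@code UserService.login} returns a user, the stored
     * password is compared with the submitted one in clear text here, which
     * presumes passwords are stored in plain text — confirm. They should be stored
     * as salted hashes and verified inside the service, not compared in the servlet.
     * NOTE(review): the pre-login session id is kept on success; rotating it at
     * login ({@code req.changeSessionId()}, Servlet 3.1+) is the usual defence
     * against session fixation — confirm the container version.
     *
     * @param req  request carrying the {@code username} and {@code password} parameters
     * @param resp response the selected view is rendered into
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String userName = req.getParameter("username");
        String password = req.getParameter("password");
        UserService userService = new UserService();
        User user = userService.login(userName, password);
        if (user == null) {
            req.setAttribute("msg", "没有此用户 !请注册!");
            forward(req, resp, LOGIN_PAGE);
        } else if (password == null || !password.equals(user.getPwd())) {
            // Compare from the submitted side so a null stored password cannot NPE.
            req.setAttribute("msg", "请检查密码!");
            forward(req, resp, LOGIN_PAGE);
        } else {
            // Mask the password before the user object is logged and put in the session.
            user.setPwd("***");
            System.out.println("登录成功!" + user.toString());
            // getSession() creates the session if none exists instead of dereferencing null.
            req.getSession().setAttribute("user", user);
            forward(req, resp, HOME_PAGE);
        }
    }

    /**
     * Renders the login form.
     *
     * @param req  current request
     * @param resp response the form is rendered into
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        forward(req, resp, LOGIN_PAGE);
    }

    /** Forwards the request to the given view path. */
    private static void forward(HttpServletRequest req, HttpServletResponse resp, String view)
            throws ServletException, IOException {
        req.getRequestDispatcher(view).forward(req, resp);
    }
}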
home.jsp // 防止刷新再加强
<script type="text/javascript">
// home.jsp is reached by a server-side forward from POST /login, so the address
// bar still shows /login; jumping to /home turns a later refresh into a GET
// instead of a re-POST. Presumably a /home mapping exists outside this excerpt
// (web.xml here only shows /login) — verify. NOTE(review): host and port are
// hard-coded; confirm this is a demo-only setting.
if (location.href != "http://localhost:8888/Goods/home") {
location.href = "http://localhost:8888/Goods/home";
}
</script>