For some pages, a token can be used to prevent a refresh or a duplicate submission. The idea is as follows:
When the form page is generated, a corresponding token is generated with it and stored in a hidden field of the form (it can also be carried in a cookie in the request header; on the server side it can be kept in the session or in a cookie). On submission, the server checks whether the tokens match; if they do, the request is processed and the corresponding token is then deleted on the server side. On the next submission the tokens no longer match, which identifies it as a duplicate submission and routes it to separate handling.
// Assumed class members that the snippet references but does not show:
// TOKEN_RANDOM is a java.util.Random (or SecureRandom) instance and
// SECRET_KEY is a server-side secret string.
public static void generateToken()
{
    String dn = UcUtil.getDn();
    if (StringUtil.isNullOrEmpty(dn))
    {
        Logger.debug("[TokenGenerator] dn is null");
        return;
    }
    // raw (original) string
    String token = String.valueOf(TOKEN_RANDOM.nextDouble());
    // hashed ("encrypted") string, bound to the user's dn
    String secretToken = Codec.hexMD5(SECRET_KEY + token + dn);
    Logger.debug("user.dn[%s] , token[%s] , secretToken[%s]", dn, token,
            secretToken);
    Http.Response response = Http.Response.current();
    // add the random raw string to the response
    Http.Cookie requestCookie = new Http.Cookie();
    if (jws.Jws.configuration
            .containsKey("application.defaultCookieDomain"))
    {
        requestCookie.domain = ConfigUtil.getInstance().getProperty(
                "application.defaultCookieDomain");
    }
    requestCookie.path = "/";
    requestCookie.maxAge = 24 * 60 * 60 * 10; // 10 days, in seconds
    requestCookie.value = token;
    requestCookie.name = "requestid";
    response.cookies.put("requestid", requestCookie);
    // then add the hashed string
    Http.Cookie tokenCookie = new Http.Cookie();
    if (jws.Jws.configuration
            .containsKey("application.defaultCookieDomain"))
    {
        tokenCookie.domain = ConfigUtil.getInstance().getProperty(
                "application.defaultCookieDomain");
    }
    tokenCookie.path = "/";
    tokenCookie.maxAge = 24 * 60 * 60 * 10; // 10 days, in seconds
    tokenCookie.value = secretToken;
    tokenCookie.name = "token";
    response.cookies.put("token", tokenCookie);
}

public static boolean isValidPair(String originalToken,
        String secretToken, String dn)
{
    // Recompute the hash from the raw token and the dn and compare it
    // with the value presented by the client.
    return Codec.hexMD5(SECRET_KEY + originalToken + dn).equals(
            secretToken);
}
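The full cycle the introduction describes (issue a pair, verify it, then retire the token so a second submission is rejected), as an added Python example that is not part of the original post. It keeps the raw/secret token pairing of generateToken and isValidPair above but assumes HMAC-SHA256 in place of hexMD5 over the concatenation, an in-memory per-dn set in place of the session, and constructed SECRET_KEY and dn values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Set, Tuple

# Constructed value: in the scheme above SECRET_KEY is a server-side constant.
SECRET_KEY = b"example-server-secret-do-not-reuse"


class FormTokenService:
    """Single-use form tokens bound to a user identity (dn).

    generate() yields the (raw token, secret token) pair that the page stores
    in the 'requestid' and 'token' cookies; validate_and_consume() checks the
    pair and then retires the raw token, so a repeated submission is rejected.
    """

    def __init__(self, secret_key: bytes = SECRET_KEY) -> None:
        self._secret_key = secret_key
        # Server-side record of issued, not-yet-used tokens, keyed by dn
        # (stands in for the session storage mentioned in the text).
        self._outstanding: Dict[str, Set[str]] = {}

    def _derive(self, raw_token: str, dn: str) -> str:
        # HMAC-SHA256 over token and dn is assumed here in place of the page's
        # hexMD5(SECRET_KEY + token + dn); the pairing logic is the same.
        msg = f"{raw_token}|{dn}".encode()
        return hmac.new(self._secret_key, msg, hashlib.sha256).hexdigest()

    def generate(self, dn: str) -> Tuple[str, str]:
        if not dn:
            raise ValueError("dn is required to bind the token to a user")
        raw_token = secrets.token_hex(16)
        self._outstanding.setdefault(dn, set()).add(raw_token)
        return raw_token, self._derive(raw_token, dn)

    def is_valid_pair(self, raw_token: str, secret_token: str, dn: str) -> bool:
        # Same check as isValidPair above, with a constant-time comparison.
        return hmac.compare_digest(self._derive(raw_token, dn), secret_token)

    def validate_and_consume(self, raw_token: str, secret_token: str, dn: str) -> bool:
        # True exactly once per issued pair; a replayed or forged pair
        # returns False and the caller treats it as a duplicate submission.
        if not self.is_valid_pair(raw_token, secret_token, dn):
            return False
        issued = self._outstanding.get(dn, set())
        if raw_token not in issued:
            return False
        issued.discard(raw_token)
        return True
```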