表单servlet
package com.xxx.action;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.xxx.other.Token;
@WebServlet(name="form",urlPatterns="/form")
public class FormServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//生成token
String token=Token.getInstance().makeToken();
//将token存储到session
HttpSession session=request.getSession();
session.setAttribute("token", token);
request.getRequestDispatcher("/form.jsp").forward(request, response);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
doGet(req, resp);
}
}
<body>
<form method="post" action="${pageContext.request.contextPath}/doForm">
用户名:<input type="text" name="user"><br>
密码:<input type="password" name="password">
<input type="hidden" name="token" value="${token}"><br>
<input type="submit">
</form>
</body>
表单处理servlet
package com.xxx.action;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@WebServlet(name="doForm",urlPatterns="/doForm")
public class DoFormServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse resp)
throws ServletException, IOException {
request.setCharacterEncoding("GBK");
String user=request.getParameter("user");
String password=request.getParameter("password");
String token=request.getParameter("token");
//System.out.println(token);
HttpSession session=request.getSession();
String sesstoken=(String) session.getAttribute("token");
//System.out.println(sesstoken);
if(token!=null && token.equals(sesstoken)){
System.out.println("验证通过");
}else{
System.out.println("重复提交");
}
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
super.doGet(req, resp);
}
}
token类
package com.xxx.other;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import sun.misc.BASE64Encoder;
/**
* 生成token 单例模式
* @author Administrator
*
*/
public class Token {
private static final Token instance=new Token();
private Token(){}
/**
* 返回实例
* @return
*/
public static Token getInstance(){
return instance;
}
/**
* 生成token
* @return
*/
public String makeToken(){
String token=(System.currentTimeMillis()+new Random().nextInt(999999))+"";
String result="";
try {
MessageDigest md = MessageDigest.getInstance("md5");
byte md5[]=md.digest(token.getBytes());
BASE64Encoder encoder = new BASE64Encoder();
result=encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return result;
}
}