1. 页面加token
<form action="xxx" method="post" οnsubmit="return onSubmit()">
<%=FormToken.hidden(serviceSession.getSession()) %>
2. 后台Servlet加token
if(!FormToken.verify(serviceSession.getSession(),
request.getParameter(FormToken.parameterName()))) {
throw new LogicalException("请不要重复提交请求!");
}