1、自己感觉 Struts 1 的 Token 不是很好用,也许是我没有用明白,所以决定自己写一个:
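/**
 * Per-session request tokens, intended to be embedded in a form and checked
 * when the form is submitted (duplicate-submit / request-forgery guard).
 *
 * <p>Outstanding tokens are kept as an {@code ArrayList<String>} in the
 * session attribute {@code "tokenList"}.
 *
 * <p>NOTE(review): the list is a plain {@code ArrayList} shared by every
 * request of the same session, and {@link #isTokenValid} and
 * {@link #removeRequestToken} are two separate calls. Callers that need a
 * token to be accepted at most once should serialize the check-and-remove
 * pair (for example by synchronizing on the session) — confirm against the
 * calling code.
 *
 * <p>NOTE(review): tokens accumulate until they are removed or
 * {@link #resetToken} is called; nothing here bounds the list size.
 */
public class RequestToken {

    /** Session attribute that holds the list of outstanding tokens. */
    private static final String TOKEN_LIST_KEY = "tokenList";

    /** Random bytes per token; 16 bytes encode to 32 hexadecimal characters. */
    private static final int TOKEN_BYTES = 16;

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    // Referenced by its fully qualified name so the file needs no new import.
    private static final java.security.SecureRandom RANDOM = new java.security.SecureRandom();

    /**
     * Creates a new token, records it in the session and returns it.
     *
     * <p>The token is 128 bits from {@code SecureRandom}, hex encoded. The
     * previous implementation used {@code System.currentTimeMillis()}, which
     * is guessable and yields the same value for two requests that arrive in
     * the same millisecond.
     *
     * @param session the current HTTP session
     * @return the newly issued token
     */
    static public String saveToken(HttpSession session) {
        String requestToken = newTokenValue();
        ArrayList<String> tokenList = currentTokens(session);
        tokenList.add(requestToken);
        // Re-set the attribute so a freshly created list is stored as well.
        session.setAttribute(TOKEN_LIST_KEY, tokenList);
        return requestToken;
    }

    /**
     * Checks whether the given token is currently recorded in the session.
     * The token is not consumed; see {@link #removeRequestToken}.
     *
     * @param session the current HTTP session
     * @param requestToken the token submitted with the request
     * @return {@code true} if the session's token list contains the token
     */
    static public boolean isTokenValid(HttpSession session, String requestToken) {
        return currentTokens(session).contains(requestToken);
    }

    /**
     * Removes the given token from the session's token list.
     *
     * @param session the current HTTP session
     * @param requestToken the token to remove
     */
    static public void removeRequestToken(HttpSession session,
            String requestToken) {
        ArrayList<String> tokenList = currentTokens(session);
        tokenList.remove(requestToken);
        session.setAttribute(TOKEN_LIST_KEY, tokenList);
    }

    /**
     * Discards every outstanding token by storing a new empty list.
     *
     * @param session the current HTTP session
     */
    static public void resetToken(HttpSession session) {
        session.setAttribute(TOKEN_LIST_KEY, new ArrayList<String>());
    }

    /**
     * Returns the token list stored in the session, or a new empty list
     * (not yet stored) when the attribute is absent.
     */
    @SuppressWarnings("unchecked") // the attribute is only ever written by this class
    private static ArrayList<String> currentTokens(HttpSession session) {
        Object stored = session.getAttribute(TOKEN_LIST_KEY);
        if (stored == null) {
            return new ArrayList<String>();
        }
        return (ArrayList<String>) stored;
    }

    /** Generates a token of {@code TOKEN_BYTES} random bytes as lower-case hex. */
    private static String newTokenValue() {
        byte[] raw = new byte[TOKEN_BYTES];
        RANDOM.nextBytes(raw);
        char[] hex = new char[raw.length * 2];
        for (int i = 0; i < raw.length; i++) {
            int unsigned = raw[i] & 0xff;
            hex[2 * i] = HEX_DIGITS[unsigned >>> 4];
            hex[2 * i + 1] = HEX_DIGITS[unsigned & 0x0f];
        }
        return new String(hex);
    }
}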