利用md5算法得到数据的指纹,再利用baset64算法获取计算后的字符串
package com.jingtian.others;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import sun.misc.BASE64Encoder;
public class Md5Test {
public static void main(String[] args) {
String str = "景天晓志";
try {
//得到MD5算法的MessageDigest
//对数据进行处理,得到处理后的字节
//得到baset64算法的对象
//对用MD5处理后的数据进行计算,得到处理后的字符串
MessageDigest dm = MessageDigest.getInstance("md5");
byte[] md5 = dm.digest(str.getBytes());
BASE64Encoder encoder = new BASE64Encoder();
String baset64 = encoder.encode(md5);
System.out.println(baset64);
//h52DUtauqHMMa5c0Bn53Iw==
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
}
session防止表单重复提交
手机令牌:本质就是生成一个随机数保存在session里面,用户看不到,通过比较用户的随机数和服务器从session里面得到的随机数是否相等。刷新的时候已经删除。。
用户没带数据就是有人再干坏事
服务器这边找不到就是闲着没个鸟事干刷新,
两边数据必须相等。。
生成一个随机数
base64编码
这里利用单例设计模式
1.构建一个私有构造方法
2.新建一个私有静态final对象
3.对外暴露一个方法
md5加密
base64翻译成明文:传电影
先访问FormServlet生成令牌,自动跳转首页jsp,jsp交给DoFormServlet处理
package com.jingtian.sessionForm;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
public class FormServlet extends HttpServlet {
/**
* 写给浏览器一个表单,并且防止多次重复提交而创建随机数
*/
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 产生随机数(表单号 )
TokenProcessor tp = TokenProcessor.getInstance();
String token = tp.generateToken();
request.getSession().setAttribute("token", token);
request.getRequestDispatcher("/form.jsp").forward(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
class TokenProcessor {// 令牌发生器
/**
* 1.把构造方法私有
* 2.新建一个私有静态final对象
* 3.对外暴露一个方法,允许获得创建的对象
*/
private TokenProcessor() {
}
private static final TokenProcessor instance = new TokenProcessor();
public static TokenProcessor getInstance() {
return instance;
}
public String generateToken() {// 获取唯一的表单码
String token = System.currentTimeMillis() + new Random().nextInt() + "";
try {
MessageDigest md5 = MessageDigest.getInstance("md5");
byte[] md = md5.digest(token.getBytes());
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
}
再就是那个jsp页面
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/servlet/DoFormServlet" method="post">
<input type="hidden" name="token" value="${token}">
用户名:<input type="text" name="username"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
最后就是那个处理提交请求的servlet
package com.jingtian.sessionForm;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class DoFormServlet extends HttpServlet {
/**
* 处理表单的重复提交
*/
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
boolean b = isTokenValue(request);
if (!b) {
System.out.println("请不要重复提交");
return;
}
request.getSession(false).removeAttribute("token");
System.out.println("向数据库中注入数据");
}
private boolean isTokenValue(HttpServletRequest request) {
String client_token = request.getParameter("token");
if (client_token == null) {
return false;
}
String server_token = (String) request.getSession(false).getAttribute(
"token");
if (server_token == null) {
return false;
}
if (!server_token.equals(client_token)) {
return false;
}
return true;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}