-
在我们编程的时候,使用表单提交时,可能会有重复提交的情况,在登录注册时这种情况可能感觉问题还不是很大,但是下单购物这种涉及到钱的情况下,重复提交就相当的致命了。
这里get到一种解决方案,以登录为例:
- 登录提交表单
<!DOCTYPE html>
<html>
<head>
<%-- Relative URLs on this page, including the form action below, resolve against the application's context path. --%>
<base href="<%=request.getServletContext().getContextPath()%>/" />
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Login form, posted to the "login" URL. --%>
<form action="login" method="post">
<%-- Hidden field carrying the "settoken" value. The filter on this page stores that value as a session
     attribute and compares the submitted copy with it. The value is written into the attribute without
     escaping; that is only safe while the token is generated from letters and digits. --%>
<input type="hidden" name="settoken" value="${settoken }">
<input type="text" name="username"/>
<input type="password" name="password"/>
<input type="submit"/>
</form>
</body>
</html>
- 登录的servlet
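/**
 * Demo login endpoint used to exercise the duplicate-submission filter.
 *
 * <p>The servlet performs no authentication; it only acknowledges the request so that the
 * effect of the filter can be observed.
 */
@WebServlet("/login")
public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Writes the application's context path to the response.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Acknowledges a submitted login form by writing the user name back as plain text.
     *
     * @param request  the form submission; the {@code username} parameter is read from it
     * @param response receives the acknowledgement
     * @throws IOException if the response cannot be written
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // The user name is request data. Declare the body as plain text and forbid content
        // sniffing so that a browser never interprets markup contained in it.
        response.setContentType("text/plain;charset=UTF-8");
        response.setHeader("X-Content-Type-Options", "nosniff");
        // The submitted password is deliberately not written back: a response body can end up
        // in caches, proxies and logs, none of which should ever hold a credential.
        response.getWriter().println(request.getParameter("username"));
    }
}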
- 这是一个生成指定长度随机字符串的类,过滤器用它来生成token(这个名字可以随便取,喜欢就好)
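/**
 * Generates random strings made of ASCII digits and letters.
 *
 * <p>The filter on this page uses the result as a per-session submission token, so the
 * characters are drawn from a cryptographically strong generator: a token that can be
 * predicted offers no protection.
 */
public class GetRandom {
    /** Alphabet the output is drawn from: 10 digits plus 52 upper- and lower-case letters. */
    private static final String SRC = "0123456789QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm";

    // One shared generator instead of a new java.util.Random per character.
    // Referenced by its fully-qualified name so the file needs no additional import.
    private static final java.security.SecureRandom RANDOM = new java.security.SecureRandom();

    /**
     * Builds a random string of the requested length.
     *
     * @param x number of characters to generate; zero or a negative value yields an empty string
     * @return a string of {@code x} characters taken from {@link #SRC}
     */
    public String randoms(int x) {
        StringBuilder sb = new StringBuilder(Math.max(x, 0));
        for (int i = 0; i < x; i++) {
            sb.append(SRC.charAt(RANDOM.nextInt(SRC.length())));
        }
        return sb.toString();
    }
}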
- 这是防止重复提交的关键操作,过滤器
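// Applies to every request path.
/**
 * Servlet filter that rejects a form submission whose {@code settoken} parameter does not
 * match the token stored in the session, and rotates the token after each accepted request.
 *
 * <p>Limits of this approach, as written:
 * <ul>
 *   <li>A request that carries no {@code settoken} parameter is never validated; it only
 *       replaces the session token. A POST that simply omits the field therefore reaches its
 *       handler unchecked, and any unrelated request in the same session (another tab, a
 *       static resource) invalidates the token a rendered form is still holding.
 *       NOTE(review): handlers that must be protected should require the parameter —
 *       decide per endpoint.</li>
 *   <li>The compare-then-replace sequence is not atomic. NOTE(review): two concurrent
 *       requests carrying the same token could presumably both pass — confirm whether that
 *       matters for the protected action.</li>
 * </ul>
 */
@WebFilter("/*")
public class Antiduplcatesubmit implements Filter {

    /**
     * Default constructor.
     */
    public Antiduplcatesubmit() {
    }

    /**
     * No resources to release.
     *
     * @see Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * Validates the submitted token, if any, then rotates the session token.
     *
     * <p>A mismatching token ends the request with a redirect to {@code 404.jsp}; the target
     * resource is not invoked in that case.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        System.out.println("收到请求["+req.getRequestURI()+"]");

        // Token submitted with the request. Its value is intentionally not logged:
        // it is a live session secret until it has been rotated.
        String retoken = req.getParameter("settoken");

        if (retoken == null || retoken.isEmpty()) {
            // No token submitted: nothing is checked, a fresh token is issued for the next form.
            req.getSession().setAttribute("settoken", new GetRandom().randoms(32));
        } else {
            Object token1 = req.getSession().getAttribute("settoken");
            if (!retoken.equals(token1)) {
                // The message travels in the query string and is URL-encoded here. The receiving
                // page must still HTML-escape it on output, because the URL can be crafted by anyone.
                res.sendRedirect(req.getContextPath()+"/404.jsp?massage="+URLEncoder.encode("请勿重复提交","utf-8"));
                // Stop here. Without this return the rejected request would still be passed down
                // the chain and processed by the servlet, on an already committed response.
                return;
            }
            // Token accepted: replace it so the same form cannot be submitted a second time.
            req.getSession().setAttribute("settoken", new GetRandom().randoms(32));
        }
        chain.doFilter(request, response);
    }

    /**
     * No initialisation required.
     *
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}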
404.jsp
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Shows the text of the "massage" request parameter.
     NOTE(review): the parameter is taken from the URL and written into the page as-is; EL in
     template text does not HTML-escape, so markup placed in the parameter is rendered by the
     browser. Output it through JSTL (c:out or fn:escapeXml), or display a fixed message
     instead of a request-supplied one. --%>
<p>${param.massage }</p>
</body>
</html>