1.import java.security.MessageDigest;
2.import java.security.NoSuchAlgorithmException;
3.
4.import javax.servlet.http.HttpServletRequest;
5.import javax.servlet.http.HttpSession;
6.
7.
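/**
 * Issues and checks the one-time form token used to detect duplicate form submissions.
 *
 * <p>A token is generated when the form is rendered, stored in the caller's session under
 * {@link #FORM_TOKEN_KEY}, echoed back as a request parameter of the same name, compared on
 * submit, and removed once the submission has been handled.
 *
 * <p>NOTE(review): {@link #isTokenValid} and {@link #reset} are separate calls, so the
 * check and the removal are not atomic. Two concurrent submissions carrying the same token
 * can both pass validation before either one calls {@code reset}.
 */
public class TokenProcessor {
    /** Random bytes per token; 16 bytes render as 32 hex characters. */
    private static final int TOKEN_BYTES = 16;

    private static final TokenProcessor instance = new TokenProcessor();

    /** Session attribute name and request parameter name that carry the token. */
    public static final String FORM_TOKEN_KEY = "FORM_TOKEN_KEY";

    /** Token source; the value does not depend on the session id or on the clock. */
    private final java.security.SecureRandom random = new java.security.SecureRandom();

    private TokenProcessor() {
    }

    /** Returns the shared instance. */
    public static TokenProcessor getInstance() {
        return instance;
    }

    /**
     * Checks whether the token submitted with the request matches the one stored in the
     * caller's session.
     *
     * @param request the incoming request; the token is read from parameter
     *     {@link #FORM_TOKEN_KEY}
     * @return {@code true} only when a session exists, it holds a token, the request carries
     *     one, and the two are equal
     */
    public synchronized boolean isTokenValid(HttpServletRequest request) {
        // getSession(false): validating must never create a session as a side effect.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        Object saved = session.getAttribute(FORM_TOKEN_KEY);
        String token = request.getParameter(FORM_TOKEN_KEY);
        if (!(saved instanceof String) || token == null) {
            return false;
        }
        // Constant-time comparison, so the response time does not reveal how many
        // leading characters of a guessed token were correct.
        return java.security.MessageDigest.isEqual(
                ((String) saved).getBytes(java.nio.charset.StandardCharsets.UTF_8),
                token.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Removes the token stored in the caller's session, if there is a session.
     *
     * @param request the request whose session is cleared of the token
     */
    public synchronized void reset(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(FORM_TOKEN_KEY);
    }

    /**
     * Generates a fresh token and stores it in the caller's session, creating the session
     * when none exists. Any token already stored there is overwritten.
     *
     * <p>The token is {@value #TOKEN_BYTES} bytes from {@link java.security.SecureRandom},
     * hex-encoded. The earlier MD5(session id + millisecond timestamp) scheme left the old
     * token in place, without any signal, whenever the digest lookup failed.
     *
     * @param request the request whose session receives the token
     */
    public synchronized void saveToken(HttpServletRequest request) {
        byte[] raw = new byte[TOKEN_BYTES];
        random.nextBytes(raw);
        request.getSession().setAttribute(FORM_TOKEN_KEY, toHex(raw));
    }

    /**
     * Converts a byte array to its lowercase hexadecimal representation.
     *
     * @param buffer bytes to encode
     * @return two hex characters per input byte
     */
    public String toHex(byte buffer[]) {
        StringBuilder sb = new StringBuilder(buffer.length * 2);
        for (byte b : buffer) {
            // High nibble: the mask must be 0xf0. The former 0x60 mask dropped bits 7 and 4,
            // so distinct byte values were encoded as the same pair of characters.
            sb.append(Character.forDigit((b & 0xf0) >> 4, 16));
            sb.append(Character.forDigit(b & 0x0f, 16));
        }
        return sb.toString();
    }
}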
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
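/**
 * Issues and checks the one-time form token used to detect duplicate form submissions.
 *
 * <p>A token is generated when the form is rendered, stored in the caller's session under
 * {@link #FORM_TOKEN_KEY}, echoed back as a request parameter of the same name, compared on
 * submit, and removed once the submission has been handled.
 *
 * <p>NOTE(review): {@link #isTokenValid} and {@link #reset} are separate calls, so the
 * check and the removal are not atomic. Two concurrent submissions carrying the same token
 * can both pass validation before either one calls {@code reset}.
 */
public class TokenProcessor {
    /** Random bytes per token; 16 bytes render as 32 hex characters. */
    private static final int TOKEN_BYTES = 16;

    private static final TokenProcessor instance = new TokenProcessor();

    /** Session attribute name and request parameter name that carry the token. */
    public static final String FORM_TOKEN_KEY = "FORM_TOKEN_KEY";

    /** Token source; the value does not depend on the session id or on the clock. */
    private final SecureRandom random = new SecureRandom();

    private TokenProcessor() {
    }

    /** Returns the shared instance. */
    public static TokenProcessor getInstance() {
        return instance;
    }

    /**
     * Checks whether the token submitted with the request matches the one stored in the
     * caller's session.
     *
     * @param request the incoming request; the token is read from parameter
     *     {@link #FORM_TOKEN_KEY}
     * @return {@code true} only when a session exists, it holds a token, the request carries
     *     one, and the two are equal
     */
    public synchronized boolean isTokenValid(HttpServletRequest request) {
        // getSession(false): validating must never create a session as a side effect.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        Object saved = session.getAttribute(FORM_TOKEN_KEY);
        String token = request.getParameter(FORM_TOKEN_KEY);
        if (!(saved instanceof String) || token == null) {
            return false;
        }
        // Constant-time comparison, so the response time does not reveal how many
        // leading characters of a guessed token were correct.
        return MessageDigest.isEqual(
                ((String) saved).getBytes(StandardCharsets.UTF_8),
                token.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Removes the token stored in the caller's session, if there is a session.
     *
     * @param request the request whose session is cleared of the token
     */
    public synchronized void reset(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(FORM_TOKEN_KEY);
    }

    /**
     * Generates a fresh token and stores it in the caller's session, creating the session
     * when none exists. Any token already stored there is overwritten.
     *
     * <p>The token is {@value #TOKEN_BYTES} bytes from {@link SecureRandom}, hex-encoded.
     * The earlier MD5(session id + millisecond timestamp) scheme left the old token in
     * place, without any signal, whenever the digest lookup failed.
     *
     * @param request the request whose session receives the token
     */
    public synchronized void saveToken(HttpServletRequest request) {
        byte[] raw = new byte[TOKEN_BYTES];
        random.nextBytes(raw);
        request.getSession().setAttribute(FORM_TOKEN_KEY, toHex(raw));
    }

    /**
     * Converts a byte array to its lowercase hexadecimal representation.
     *
     * @param buffer bytes to encode
     * @return two hex characters per input byte
     */
    public String toHex(byte buffer[]) {
        StringBuilder sb = new StringBuilder(buffer.length * 2);
        for (byte b : buffer) {
            // High nibble: the mask must be 0xf0. The former 0x60 mask dropped bits 7 and 4,
            // so distinct byte values were encoded as the same pair of characters.
            sb.append(Character.forDigit((b & 0xf0) >> 4, 16));
            sb.append(Character.forDigit(b & 0x0f, 16));
        }
        return sb.toString();
    }
}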
提交处理
Java代码
1.import java.io.IOException;
2.import java.io.PrintWriter;
3.
4.import javax.servlet.ServletException;
5.import javax.servlet.http.HttpServlet;
6.import javax.servlet.http.HttpServletRequest;
7.import javax.servlet.http.HttpServletResponse;
8.
9.
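/**
 * Handles the form post and rejects submissions whose form token is missing, stale or
 * already used.
 */
public class FormDoubleServlet extends HttpServlet {

    /**
     * Validates the form token, then processes parameter {@code p}.
     *
     * @param request the form post; must carry the token issued when the form was rendered
     * @param response receives a one-line status message
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=gb2312");
        PrintWriter out = response.getWriter();
        TokenProcessor tokenProcessor = TokenProcessor.getInstance();
        if (!tokenProcessor.isTokenValid(request)) {
            out.println("重复提交");
            // Stop here. Without this return the duplicate was reported but then
            // processed anyway, which defeats the token check.
            return;
        }
        String p1 = request.getParameter("p");
        if (p1 == null || p1.trim().equals("")) {
            // Token is deliberately kept, so the same form can be corrected and re-sent.
            out.println("请输入内容");
        } else {
            // Consume the token before reporting success, so a repeat of this request
            // fails validation.
            // NOTE(review): validation and removal are two separate calls; concurrent
            // requests with the same token can still both get past isTokenValid.
            tokenProcessor.reset(request);
            out.println("提交内容被处理");
        }
    }
}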
Html代码
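<%@ page contentType="text/html; charset=GBK"%>
<%--
  Renders the form together with a fresh one-time token.
  saveToken() stores the token in the session, and the form echoes it back in a hidden
  field so the receiving servlet can compare the two values.
  Each render overwrites the session's token, so a copy of this form that is already open
  in another tab stops validating.
--%>
<%
    TokenProcessor tokenProcessor = TokenProcessor.getInstance();
    tokenProcessor.saveToken(request);
    String token = (String) request.getSession().getAttribute(TokenProcessor.FORM_TOKEN_KEY);
%>
<html>
  <head>
    <title>用户登陆</title>
  </head>
  <body>
    <form action="/testServlet" method="post">
      <%-- Hidden: the token is bookkeeping, not something the user should see or edit.
           It is hex-only, so it is emitted without HTML escaping. --%>
      <input type="hidden" name="<%=TokenProcessor.FORM_TOKEN_KEY %>" value="<%=token %>">
      <%-- Named "p" because the servlet shown with this page reads parameter "p";
           the former name "q" meant the submitted text was never seen. --%>
      <input name="p"/>

      <input type="submit" value="submit"/>
    </form>
  </body>
</html>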