实现思路:
在访问表单的jsp页面之前,首先随机生成一个token(令牌),然后在访问表单的页面放置一个隐藏域,在表单提的时候判断客户端请求的token和服务器端的token是否一致,一致放行,不一致返回。
@WebServlet(name = "BeforeServlet", urlPatterns = "/BeforeServlet")
public class BeforeServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String token = UUID.randomUUID().toString();
System.out.println("生成的token:" + token);
request.getSession().setAttribute("token", token);
request.getRequestDispatcher("/index.jsp").forward(request, response);
}
}
<%@ page contentType="text/html;charset=UTF-8" import="java.util.*" language="java" %>
<html>
<head>
<title>表单提交</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/FormServlet" method="post">
<input name="token" type="hidden" value="<%=session.getAttribute("token") %>">
用户名: <input type="text" name="username"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
@WebServlet(name = "FormServlet",urlPatterns = "/FormServlet")
public class FormServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("UTF-8");
String username=request.getParameter("username");
boolean b= isFormSubmit(request);
if (b==true){
System.out.println("请不要重复提交表单!!!!!!!!!!!!!");
return;
}
request.getSession().removeAttribute("token");
}
public boolean isFormSubmit(HttpServletRequest request) {
//获取页面的token
String token= request.getParameter("token");
if (token==null){
return true;
}
//获取服务器生成的token
String ftoken=(String) request.getSession().getAttribute("token");
if (ftoken==null){
return true;
}
if (!ftoken.equals(token)){
return true;
}
return false;
}
}