//产生随机数(表单号)
TokenProcessor tp = TokenProcessor.getInstance();
String token = tp.generateToken();
request.getSession().setAttribute("token", token);
request.getRequestDispatcher("/form.jsp").forward(request, response);
}
/**
 * Handles POST exactly like GET by handing the request to {@code doGet}.
 * The visible tail of {@code doGet} stores a fresh token in the session under
 * "token" and forwards to /form.jsp, so a POST here also re-issues the token.
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // No POST-specific handling: reuse the GET path unchanged.
    this.doGet(request, response);
}
}
class TokenProcessor{//令牌
private TokenProcessor() {}
private final static TokenProcessor tp = new TokenProcessor();
public static TokenProcessor getInstance() {
return tp;
}
public String generateToken() {
String token = System.currentTimeMillis()+new Random().nextInt()+"";
try {
MessageDigest md = MessageDigest.getInstance("md5");
byte md5[] = md.digest(token.getBytes());
//base64编码
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
throw new RuntimeException(e);
}
}
}
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Form page for the token-protected submission (presumably the /form.jsp that
  the form servlet forwards to; confirm against the deployment).
  The form posts to /WebPractice/DoForm and carries the server-issued token in
  a hidden field so the receiving servlet can compare it with the session copy.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="/WebPractice/DoForm" method="post" >
<%--
  ${token} is looked up through the page, request, session and application
  scopes in that order; the servlet stores it as the session attribute "token".
  The value is written into the attribute without escaping, which is only safe
  while the token stays a server-generated Base64 string.
--%>
<input type="hidden" name="token" value="${token}"><!-- EL expression -->
<input type ="text" name="id" />
<input type="submit" value="提交"/>
</form>
</body>
</html>
package cn.qust.demo1;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
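/**
 * Receives the form submission and rejects duplicates by means of a one-time
 * token: the "token" request parameter must equal the "token" attribute held
 * in the caller's session, and a token that matched is removed so it cannot
 * be accepted a second time.
 */
@WebServlet("/DoForm")
public class DoForm extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Processes a submission if it carries the session's current token.
     *
     * <p>NOTE(review): {@link #doPost} delegates here, so a GET carrying
     * {@code ?token=...} is processed as well; in that case the token ends up
     * in URLs and access logs. Consider handling the submission in
     * {@code doPost} only. Nothing is written to the response in either
     * outcome; the result is only printed to standard output.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        if (!consumeValidToken(request)) {
            System.out.println("请不要重复提交");
            return;
        }
        // The token was already removed by consumeValidToken, so a replay fails.
        System.out.println("注册");
    }

    /**
     * Checks the submitted token against the session and, on a match, removes
     * it in the same step (the same idea as Struts' isTokenValid(request, true)).
     *
     * <p>The method is {@code synchronized} because validating and removing in
     * two separate steps let two near-simultaneous submissions (a double
     * click, for instance) both pass the check before either removed the
     * token. The lock is per servlet instance, so it covers a single JVM only.
     *
     * @param request the incoming request
     * @return {@code true} if the request carried the session's token, which
     *         has now been consumed; {@code false} if the parameter, the
     *         session or the stored token is missing, or the values differ
     */
    private synchronized boolean consumeValidToken(HttpServletRequest request) {
        String submitted = request.getParameter("token");
        if (submitted == null) {
            return false;
        }
        // getSession(false): a request without a session cannot hold a valid
        // token, so do not allocate a new session for it.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        Object stored = session.getAttribute("token");
        if (!(stored instanceof String)) {
            return false;
        }
        // MessageDigest.isEqual compares in constant time, so response timing
        // does not reveal how much of a guessed token was correct.
        boolean matches = MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                ((String) stored).getBytes(StandardCharsets.UTF_8));
        if (matches) {
            session.removeAttribute("token");
        }
        return matches;
    }

    /**
     * Handles POST by delegating to {@link #doGet}.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }
}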