1、加类
/**
* 生成Token的工具类:
*/
package com.yiduit.web.core.common.util;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import sun.misc.BASE64Encoder;
/**
* 生成Token的工具类
* @author zhous
* @since 2018-2-23 13:59:27
*
*/
public class TokenProccessor {
private TokenProccessor(){};
private static final TokenProccessor instance = new TokenProccessor();
public static TokenProccessor getInstance() {
return instance;
}
/**
* 生成Token
* @return
*/
public String makeToken() {
String token = (System.currentTimeMillis() + new Random().nextInt(999999999)) + "";
try {
MessageDigest md = MessageDigest.getInstance("md5");
byte md5[] = md.digest(token.getBytes());
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}
}
2、还有一个
/**
*
*/
package com.yiduit.web.core.common.util;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
/**
* Token的工具类
* @author zhous
* @since 2018-2-23 14:01:41
*
*/
public class TokenTools {
/**
* 生成token放入session
* @param request
* @param tokenServerkey
*/
public static void createToken(HttpServletRequest request,String tokenServerkey){
String token = TokenProccessor.getInstance().makeToken();
request.getSession().setAttribute(tokenServerkey, token);
}
/**
* 移除token
* @param request
* @param tokenServerkey
*/
public static void removeToken(HttpServletRequest request,String tokenServerkey){
request.getSession().removeAttribute(tokenServerkey);
}
/**
* 判断请求参数中的token是否和session中一致
* @param request
* @param tokenClientkey
* @param tokenServerkey
* @return
*/
public static boolean judgeTokenIsEqual(HttpServletRequest request,String tokenClientkey,String tokenServerkey){
String token_client = request.getParameter(tokenClientkey);
// String token_client = request.getHeader(tokenClientkey);
if(StringUtils.isEmpty(token_client)){
return false;
}
String token_server = (String) request.getSession().getAttribute(tokenServerkey);
if(StringUtils.isEmpty(token_server)){
return false;
}
if(!token_server.equals(token_client)){
return false;
}
return true;
}
}
3、前端
<div class="form-group">
<div class="col-sm-9">
<input type="hidden" value="${token}" id="token" name="token"/>
</div>
</div>
4、一起提交表单
5、在跳转页面加token
/**
* 跳转到修改敏感信息界面
* @param request
* @return
*/
@RequestMapping(value = "/toModifyPassword")
public String toModifyPassword(Model model,HttpServletRequest request,Integer userId) {
//生成token
String valueOf = String.valueOf(userId);
String token = TokenProccessor.getInstance().makeToken();
request.getSession().setAttribute("token", token);
request.setAttribute("token",token);
TabCoreUserEntity coreUser = userService.getUserInfoByUserId(userId);
model.addAttribute("user",coreUser);
return "/user/modifyPassword";
}
6、在修改方法中比较两个值
boolean judgeTokenIsEqual = TokenTools.judgeTokenIsEqual(request,"token","token");
注意:记录一个循环的坑,要获取token_25,页面可以取到${user.userId},但是如果获取key?(token_25)
<c:set var="tokenKey" scope="page" value="token_${user.userId}"/>
<input type="hidden" value="${requestScope[tokenKey]}" id="token" name="token"/>