客户端:用JavaScript
定义一个局部变量,用来判断表单是否提交过,如果提交过就把它置为true,然后再进行表单验证是否提交。
在实际开发中,用JavaScript方法有如下坏处:
1、用户可以把JavaScript语句删除,通过自己修改的表单页面重复提交;
2、刷新可以重复提交;
3、点后退又可以提交。
表单页面:form.html:
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="content-type" content="text/html;charset=UTF-8">
<script type="text/javascript">
/*
var iscommitted = false; //全局变量,用来定义表单是否提交过,如果提交过就把它置为true
function dosubmit() {
if(!iscommitted) {
iscommitted = true;
return true;
} else {
return false;
}
}
*/
//下面的代码表示,当提交过一次以后,提交按钮变灰色
function dosubmit() {
document.getElementById("submit").disabled='disabled';
return true;
}
</script>
</head>
<body>
<!-- 有return 会报错 你可以在报错的js文件上右键 MyEclipse — 勾选Exclude From Validation -->
<form method="post" action="/J2013-8-27Session/DoformServlet" οnsubmit="return dosubmit()">
用户名:<input type="text" name="username">
<input type="submit" id="submit" value="提交" >
</form>
</body>
</html>
//处理表单提交请求
public class DoformServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//获得用户名
String username = request.getParameter("username");
//模拟网络延迟
try {
Thread.sleep(1000*3);
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//向数据库注册用户
System.out.println("向数据库注册用户");
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
Java代码:
package come.guigu.form;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.management.RuntimeErrorException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
//产生表单
public class FormServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//产生随机数(表单号)
TokenProcessor tp = TokenProcessor.getInstance(); //拿到随机数发生器
String token = tp.generateToken(); //产生token
request.getSession().setAttribute("token", token); //因为等一下要用这个token
request.getRequestDispatcher("/form.jsp").forward(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
//令牌唯一,设置成单例,保证最大的唯一性
class TokenProcessor { //令牌发生器
/*单例设计模式步骤:
* 1.把构造方法私有,这样别人就无法创建对象了
* 2.自己创建一个
* 3.对外暴露一个方法,允许获取上面创建的对象
*/
private TokenProcessor() {}
private static final TokenProcessor instance = new TokenProcessor();
public static TokenProcessor getInstance() {
return instance;
}
//产生随机数
public String generateToken() {
String token = System.currentTimeMillis() + new Random().nextInt() + ""; //当前毫秒值+
//采用上述方法,得到的随机数的长度可能会不一致,要长度一致,就要得到它的数据指纹(摘要)(128位)
try {
MessageDigest md = MessageDigest.getInstance("md5"); //得到摘要算法
byte[] md5 = md.digest(token.getBytes()); //返回的数组保存着数据摘要
//return new String(md5); //会返回一个乱码串,默认查国标2312码表,但这个码表里面不一定有
//超级重要!!!base64编码:返回明文字符串(就是键盘上能看到的那些字符)
/*
* 把3个字节(24个二进制位)变成4个字节(每个字节只能装6位)
* 0011 0010 1100 1101 0010 1001
* 编码后:0~63 64个数字
* 00001100 00101100 00110100 00101001
*/
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(md5);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
throw new RuntimeException(e);
}
}
}
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'form.jsp' starting page</title>
</head>
<body>
<form action="/J2013-8-27Session/DoformServlet" method="post">
<!--用户提交表单的时候要带随机号,取出随机号-->
<input type="hidden" name="token" value="${token}">
用户名:<input type="text" name="username"><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
package come.guigu.form;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
//处理表单提交请求
public class DoformServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//检测表单是否有效
boolean b = isTokenValid(request);
if(!b) {
System.out.println("请不要重复提交!");
return;
}
request.getSession().removeAttribute("token"); //服务器删除表单号
System.out.println("向数据库注册用户");
}
//判断表单号是否有效
private boolean isTokenValid(HttpServletRequest request) {
// TODO Auto-generated method stub
String clint_token = request.getParameter("token");
//没有带表单号过来,也认为是重复提交
if(clint_token == null) {
return false;
}
//如果客户端带过来了,则判断服务器有没有对应的随机号
String server_token = (String) request.getSession().getAttribute("token");
if(server_token == null) {
//表明已经提交过,服务器端删除了
return false;
}
//如果客户端带过来了,服务器端也有随机号,则判断这两个是否一致
if(!clint_token.equals(server_token)) {
return false;
}
return true;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}