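/*
 * Prevents duplicate submission of the registration form.
 *
 * A token value is generated when the form page is requested.
 * One copy is stored as a session attribute on the server and the other is sent
 * to the browser page; the two values are compared to decide whether the request
 * is processed.
 * After a successful registration the server-side token is removed, so a repeated
 * submission no longer finds a token and is rejected.
 *
 * Register.java
 * http://blog.csdn.net/strawberry2013
 * 2013-6-13
 */
package com.baidu;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Serves the registration form and issues the one-time form token.
 */
public class Register extends HttpServlet {

    /**
     * Stores a fresh token in the session attribute {@code "token"} and forwards
     * to {@code /register.jsp}.
     *
     * <p>The session holds a single token, so requesting the form again replaces
     * the token of a form that is still open.
     *
     * @param request  the incoming request; its session is created if absent
     * @param response the response handed to the forwarded page
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String formToken = TokenProcessor.getInstance().generateToken();
        request.getSession().setAttribute("token", formToken); // add the token attribute
        request.getRequestDispatcher("/register.jsp").forward(request, response); // forward to the form page
    }
}

/**
 * Token source: produces random, unique token values. Singleton.
 */
class TokenProcessor {

    /** Number of random bytes per token; 16 matches the length of the MD5 digest used previously. */
    private static final int TOKEN_BYTES = 16;

    private static final TokenProcessor INSTANCE = new TokenProcessor();

    /** SecureRandom is safe for use by multiple threads, so one shared instance is enough. */
    private static final SecureRandom RANDOM = new SecureRandom();

    private TokenProcessor() {
    }

    /**
     * Returns the shared instance.
     *
     * @return the singleton {@code TokenProcessor}
     */
    public static TokenProcessor getInstance() {
        return INSTANCE;
    }

    /**
     * Generates a new token.
     *
     * <p>The token is drawn from {@link SecureRandom}. The previous implementation
     * hashed {@code System.currentTimeMillis()} plus a {@code java.util.Random}
     * value with MD5; hashing adds no entropy, so that token was only as
     * unpredictable as the clock and a non-cryptographic generator. It also used
     * {@code sun.misc.BASE64Encoder}, an unsupported internal class, which is
     * replaced here by {@link Base64} (requires Java 8 or later).
     *
     * @return 16 random bytes encoded as standard Base64 (24 characters)
     */
    public String generateToken() {
        byte[] raw = new byte[TOKEN_BYTES];
        RANDOM.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw); // base64 encoding
    }
}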
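<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%--
  Registration form. The hidden "token" field carries the per-session form token
  back to the server, where it is compared with the copy kept in the session.
--%>
<%
// Base URL of the application, used for <base href>.
// NOTE(review): request.getServerName() typically reflects the Host header of the
// request and is written into the page unescaped; confirm that the container or a
// front-end proxy restricts accepted host names, because the form action below is
// resolved against this base.
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <base href="<%=basePath%>">
  <title>欢迎您注册</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <style type="text/css">
    body{ margin-left: 100px; margin-bottom: 100px; }
    #reg{ margin: auto; margin-left: auto; }
    .one{ background-color: #C9FADB; }
    .two{ background-color: #FFFFCC; }
  </style>
</head>
<body>
  <div name="rge">
    <%-- NOTE(review): the action hard-codes the context path "/Day01". --%>
    <form action="/Day01/servlet/doRegister" method="post">
      <%-- ${token} is written without escaping; it is expected to be the server-generated value stored in the session. --%>
      <input type="hidden" name="token" value="${token}"> <!-- pass the token value along with the form -->
      <table border="1" bordercolor="#000099" width="523" cellpadding="10" cellspacing="0" height="343">
        <tr><td colspan="2" align="center">注册页面</td></tr>
        <tr>
          <td class="one">用户名:</td>
          <td class="two"><input type="text" name="username"></td>
        </tr>
        <tr>
          <td class="one">密码:</td>
          <td class="two"><input type="password" name="pass" /></td>
        </tr>
        <tr>
          <td class="one">确认密码:</td>
          <td class="two"><input type="password" name="pass" /></td>
        </tr>
        <tr>
          <td class="one">性别:</td>
          <td class="two">
            <input type="radio" name="sex" value="nan" />男
            <input type="radio" name="sex" value="nv" />女
          </td>
        </tr>
        <tr>
          <td class="one">技术:</td>
          <td class="two">
            <input type="checkbox" name="tech" value="Java"/>Java
            <input type="checkbox" name="tech" value="Html"/>Html
            <input type="checkbox" name="tech" value="C++"/>C++
          </td>
        </tr>
        <tr>
          <td class="one">国家:</td>
          <td class="two">
            <select name="country">
              <option value="none">---国家---</option>
              <option value="zn">中国</option>
              <option value="usa">美国</option>
            </select>
          </td>
        </tr>
        <tr bgcolor="#CCFFFF">
          <th colspan="2">
            <input type="submit" value="提交数据" />
            <input type="reset" value="置空" />
          </th>
        </tr>
      </table>
    </form>
  </div>
</body>
</html>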
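/*
 * doRegister.java
 */
package com.baidu;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Handles the registration form POST and rejects a submission whose form token
 * does not match the one kept in the session.
 */
public class doRegister extends HttpServlet {

    /**
     * Accepts the submission only when the {@code token} request parameter equals
     * the session attribute {@code "token"}; an accepted submission consumes the
     * token, so repeating it fails.
     *
     * <p>The outcome is only printed to standard output; nothing is written to
     * the response.
     *
     * @param request  the form submission
     * @param response the response (left untouched)
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): a POST that arrives without a session cannot carry a
        // valid token, so do not create a session just to reject it.
        HttpSession session = request.getSession(false);
        String clientToken = request.getParameter("token");

        if (session != null && consumeToken(session, clientToken)) {
            System.out.println("注册成功!");
            return;
        }
        System.out.println("注册失败!");
    }

    /**
     * Compares the submitted token with the session copy and removes the session
     * copy when they match.
     *
     * <p>Compare and remove run under one lock. Done separately, two submissions
     * arriving together (a double click) could both pass the comparison before
     * either removed the token, which is the case the token exists to stop.
     *
     * @param session     the caller's existing session
     * @param clientToken the token sent by the browser, possibly {@code null}
     * @return {@code true} if the token matched and has been consumed
     */
    private static boolean consumeToken(HttpSession session, String clientToken) {
        // NOTE(review): locking on the session assumes the container hands every
        // request of a session the same HttpSession object; confirm for the target
        // container, or lock on a dedicated mutex stored in the session.
        synchronized (session) {
            String serverToken = (String) session.getAttribute("token");
            if (serverToken == null || !serverToken.equals(clientToken)) { // compare the two token values
                return false;
            }
            session.removeAttribute("token");
            return true;
        }
    }
}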