
JavaWeb_session_应用_防止注册表单页面的重复提交

2013年11月01日 ⁄ 综合 ⁄ 共 4060字 ⁄ 字号 评论关闭
/*
 * 防止表单注册页面的重复提交
 * 
 * 在该页面上产生一个令牌值
 * 该令牌值一份保存在服务器的session属性中,另一份随表单隐藏域传递至浏览器页面;提交时通过比对这两份令牌值是否相等,来判断是否处理相应请求。
 * 注册成功后,删除服务器中的令牌值;重复提交时服务器端已找不到令牌值,比对失败,从而防止了表单的重复提交!
 * (比对与删除应作为一个原子操作完成,否则两次并发提交可能都通过比对。)
 * 
 * Register.java
 * http://blog.csdn.net/strawberry2013 
 * 2013-6-13
 */
package com.baidu;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;

public class Register extends HttpServlet {
	/**
	 * Serves the registration form.
	 *
	 * Stores a freshly generated token in the session under the key "token" and then
	 * forwards to /register.jsp. Every GET replaces whatever token the session held before.
	 *
	 * @param request  the incoming GET request; its session receives the new token
	 * @param response passed through unchanged to the forwarded page
	 * @throws ServletException if the forward fails
	 * @throws IOException      if the forward fails with an I/O error
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Look up the session first (getSession() creates one when the request has none),
		// then generate the token and attach it.
		javax.servlet.http.HttpSession session = request.getSession();
		String freshToken = TokenProcessor.getInstance().generateToken();
		session.setAttribute("token", freshToken);

		// Hand over to the page that renders the registration form.
		String formPage = "/register.jsp";
		request.getRequestDispatcher(formPage).forward(request, response);
	}
}
//令牌,用于产生一个随机唯一的令牌值
class TokenProcessor{
	private TokenProcessor(){}
	private static final TokenProcessor token = new TokenProcessor();
	public static TokenProcessor getInstance(){
		return token;
	}
	public String generateToken(){
		String token = System.currentTimeMillis()+new Random().nextInt()+"";	//随机的值
		try {
			MessageDigest md = MessageDigest.getInstance("md5");		//注意下面的处理方式
			byte[] md5 = md.digest(token.getBytes());
			return new BASE64Encoder().encode(md5); //base64编码	
		} catch (NoSuchAlgorithmException e) {
			throw new RuntimeException(e);
		}
	}
	
}

 

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) that the page writes into <base href>.
// NOTE(review): getServerName() normally reflects the Host header sent by the client, and the
// value is emitted into the page unescaped -- confirm that the container or a front proxy
// only accepts the expected host names.
StringBuilder baseUrl = new StringBuilder();
baseUrl.append(request.getScheme()).append("://");
baseUrl.append(request.getServerName()).append(":").append(request.getServerPort());
baseUrl.append(path).append("/");
String basePath = baseUrl.toString();
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>欢迎您注册</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<style type="text/css">
		body{
		margin-left: 100px;
		margin-bottom: 100px;
		}
		#reg{
		margin: auto;
		margin-left: auto;
		}
		.one{
		background-color: #C9FADB;
		}
		.two{
		background-color: #FFFFCC;
		}
	</style>

  </head>
  
  <body>
  <div name="rge">
   	<form action="/Day01/servlet/doRegister" method="post">
   		<input type="hidden" name="token" value="${token}">	<!-- 传递一个令牌值 -->
   		<table border="1" bordercolor="#000099" width="523" cellpadding="10" cellspacing="0" height="343">
   			<tr><td colspan="2" align="center">注册页面</td></tr>
   			<tr>
   				<td class="one">用户名:</td>
   				<td class="two"><input type="text" name="username"></td>
   			</tr>
   			<tr>
				<td class="one">密码:</td>
				<td class="two"><input type="password" name="pass" /></td>
			</tr>
			<tr>
				<td class="one">确认密码:</td>
				<td class="two"><input type="password" name="pass" /></td>
			</tr>
			<tr>
				<td class="one">性别:</td>
				<td class="two">
					<input type="radio" name="sex" value="nan" />男
					<input type="radio" name="sex" value="nv" />女
				</td>
			</tr>
			<tr>
				<td  class="one">技术:</td>
				<td class="two">
					<input type="checkbox" name="tech" value="Java"/>Java
					<input type="checkbox" name="tech" value="Html"/>Html
					<input type="checkbox" name="tech" value="C++"/>C++
				</td>
			</tr>
			<tr>
				<td class="one">国家:</td>
				<td class="two">
					<select name="country">
						<option value="none">---国家---</option>
						<option value="zn">中国</option>
						<option value="usa">美国</option>					
					</select>
				</td>
			</tr>
			<tr bgcolor="#CCFFFF">
				<th colspan="2">
				<input type="submit" value="提交数据" />
				<input type="reset" value="置空" />
				</th>
			</tr>
   		</table>
   	</form>
   </div>
  </body>
</html>

 

/*
 * doRegister.java
 */
package com.baidu;
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

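public class doRegister extends HttpServlet {
	/**
	 * Handles the registration POST and rejects repeated submissions of the same form.
	 *
	 * The request is accepted only when its "token" parameter equals the token stored in the
	 * session, and an accepted token is removed in the same step so it cannot be used again.
	 * The outcome is only printed to standard output; nothing is written to the response.
	 *
	 * @param request  the form submission; must carry the "token" parameter and the session
	 * @param response not written to by this method
	 * @throws ServletException declared by the servlet contract; not thrown here
	 * @throws IOException      declared by the servlet contract; not thrown here
	 */
	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
	throws ServletException, IOException {
		String clientToken = request.getParameter("token");
		// getSession(false): a request without a session cannot hold a valid token,
		// so no new session is allocated for it.
		javax.servlet.http.HttpSession session = request.getSession(false);

		boolean accepted = false;
		if (session != null && clientToken != null) {
			// Compare and remove under one lock. Done as two separate steps, two concurrent
			// submissions of the same form could both read the token before either removed
			// it, and both would be accepted. Locking on the servlet assumes the usual
			// single servlet instance per declaration; the guarded section is two calls.
			synchronized (this) {
				Object serverToken = session.getAttribute("token");
				if (clientToken.equals(serverToken)) {
					session.removeAttribute("token");
					accepted = true;
				}
			}
		}

		if (accepted) {
			System.out.println("注册成功!");
			return;
		}
		System.out.println("注册失败!");
	}
}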

 
