Filter and prevent use JAVA- session page repeatedly submit
Solutions:
1. Form pages users access, through the first filter, the filter is provided as a random id token token and the token into the hidden form field
2 in response to the form browser, the user submits a request to fill data;
3 requests through the filter, the filter of the form acquired authentication token, if a previously generated token and consistent, the request will be released, and clears the token;
4 if the user repeatedly the form is submitted, a request through the filter, the filter be verified because the token is released after the first failure has been emptied, token inconsistent, release Jump to alert interface.
Knowledge required:
Fundamentals filter 1
Basics the servlet 2
. 3 Basics filter
4 jsp Basics
code for
1 jsp achieve form form page
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="login" method="post">
<!-- 利用表单的隐藏域 保存token令牌 -->
<!-- ${token}等价于req.getsession().getAttribute("token")-->
<input type="hidden" name="token" value="${token}" />
用户名:<input type="text" name="username"/><br/>
密码:<input type="password" name="password"/><br/>
<input type="submit" value="login"/>
</form>
</body>
</html>
2 filter filters
package com.woniu.filter.controler;
import java.io.IOException;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet Filter implementation class TokenFilte
*/
//过滤所有servlet
@WebFilter("*")
public class TokenFilte implements Filter {
public TokenFilte() {
// TODO Auto-generated constructor stub
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
//设置编码集
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
response.setContentType("text/html;charser=utr-8");
//向下转型
HttpServletRequest req=(HttpServletRequest) request;
HttpServletResponse resp=(HttpServletResponse) response;
//获取表单的token
String parameterToken = req.getParameter("token");
//获取session中的token
String sessionToken = (String) req.getSession().getAttribute("token");
// determine the form of the token, the user has no explanation for the empty form to submit the form, you need to verify whether duplicate submission,
// empty note is the first time to enter the login page, you need to set token
IF (ParameterToken! = Null) {
// judge two tokens are equal, equal, release, and reset a token
iF (parameterToken.equals (sessionToken)) {
// the token resets
the req.getSession () removeAttribute ( "token");.
the chain.doFilter (Request , Response);
} // note is the else {resubmit forwarded to the prompt page
req.getRequestDispatcher ( "repeatReminder") forward (Request, Response);.
}
} {// the else first in, the token needs to be set
/ / universe generated unique code
String token = UUID.randomUUID () toString ();.
// set the session
the req.getSession () the setAttribute ( "token", token);.
// release
the chain.doFilter (Request, Response);
}
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
Servlet 3 forms a response
using a thread to sleep for 30 seconds, the analog network congestion
package com.woniu.filter.controler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class PrintUser
*/
@WebServlet("/login")
public class Login extends HttpServlet {
private static final long serialVersionUID = 1L;
public Login() {
super();
// TODO Auto-generated constructor stub
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
//线程睡30秒,便于演示网络拥堵
Thread.sleep(30000);
response.getWriter().write("登录成功");
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}
Servlet response time of 4 duplicate submission
to jump to the page repeated reminders to submit
package com.woniu.filter.controler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class repeatReminder
*/
@WebServlet("/repeatReminder")
public class repeatReminder extends HttpServlet {
private static final long serialVersionUID = 1L;
public repeatReminder() {
super();
// TODO Auto-generated constructor stub
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.getWriter().write("页面正在处理,请勿重复提交");
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}