Java: using a filter and the session to prevent repeated form submission
Solutions:
1. When the user requests the form page, the request first passes through the filter; the filter generates a random id as a token, and the token is placed in a hidden field of the form;
2. The form is returned to the browser; the user fills in the data and submits the request;
3. The submission passes through the filter, which reads the token from the form and checks it; if it matches the previously generated token, the request is let through and the token is cleared;
4. If the user submits the form again, that request also passes through the filter; because the token was cleared when the first submission was let through, the tokens no longer match, verification fails, and the filter forwards to a warning page instead of letting the request through.
Knowledge required:
1. Filter fundamentals
2. Servlet basics
3. Filter basics
4. JSP basics
Code
1. The form page, implemented in JSP
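<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
  <form action="login" method="post">
    <%-- The one-time token travels in a hidden form field.
         These are JSP comments on purpose: unlike HTML comments they are
         not sent to the browser, so implementation notes stay server-side. --%>
    <%-- The token is read from the session explicitly. A bare ${token}
         looks through page, request, session and application scope in that
         order, so a request attribute with the same name would shadow the
         session value. --%>
    <input type="hidden" name="token" value="${sessionScope.token}" />
    用户名:<input type="text" name="username"/><br/>
    密码:<input type="password" name="password"/><br/>
    <input type="submit" value="login"/>
  </form>
</body>
</html>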
2. The filter
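package com.woniu.filter.controler;

import java.io.IOException;
import java.util.UUID;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet filter that rejects a repeated form submission by means of a
 * one-time token kept in the HTTP session.
 *
 * <p>A request without a {@code token} parameter gets a fresh token stored in
 * the session and is passed on. A request with a {@code token} parameter is
 * passed on only if the value equals the session token, which is removed at
 * that moment; otherwise the request is forwarded to {@code repeatReminder}.
 */
// Applies to every request.
@WebFilter("*")
public class TokenFilte implements Filter {

    /** Name of both the form parameter and the session attribute. */
    private static final String TOKEN_KEY = "token";

    public TokenFilte() {
    }

    /**
     * Issues a token for tokenless requests and validates/consumes the token
     * of requests that carry one.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Character set for request parsing and for the response.
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");
        // Fixed: the original value "text/html;charser=utr-8" misspelled both
        // the parameter name and the charset.
        response.setContentType("text/html;charset=utf-8");

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession();

        // Token sent back by the form, if any.
        String parameterToken = req.getParameter(TOKEN_KEY);

        if (parameterToken == null) {
            // No token in the request: treated as a first visit, so issue one.
            // NOTE(review): this branch passes every request that omits the
            // parameter, so the duplicate-submission check is only enforced
            // for clients that send the field. It also replaces the stored
            // token on every tokenless request the filter sees, which
            // invalidates a form that is already open. Consider issuing the
            // token only for the form page and requiring it on POST.
            session.setAttribute(TOKEN_KEY, UUID.randomUUID().toString());
            chain.doFilter(request, response);
            return;
        }

        // Compare and consume in one step. Done separately, two concurrent
        // submissions could both see a matching token before either removed
        // it, and both would be processed.
        // NOTE(review): this relies on the container handing out the same
        // HttpSession object for one session; confirm for the target container.
        boolean accepted;
        synchronized (session) {
            accepted = parameterToken.equals(session.getAttribute(TOKEN_KEY));
            if (accepted) {
                session.removeAttribute(TOKEN_KEY);
            }
        }

        if (accepted) {
            chain.doFilter(request, response);
        } else {
            // Token missing from the session or different: repeated submission.
            req.getRequestDispatcher("repeatReminder").forward(request, resp);
        }
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }
}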
3. The servlet that handles the form
The thread sleeps for 30 seconds to simulate network congestion.
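package com.woniu.filter.controler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Demo target of the login form, mapped to {@code /login}.
 *
 * <p>It waits 30 seconds and then writes a success message. The
 * {@code username} and {@code password} parameters are never read, so no
 * credentials are verified here; the class only exists to give the user time
 * to submit the form a second time.
 */
@WebServlet("/login")
public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public Login() {
        super();
    }

    /**
     * Sleeps for 30 seconds to simulate a congested network, then writes the
     * success message.
     *
     * <p>NOTE(review): {@link #doPost} delegates here, so the handler also
     * answers GET. The form posts; a real login handler should accept POST
     * only, so that credentials never travel in the URL.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            // Sleep 30 seconds to make the slow response easy to demonstrate.
            Thread.sleep(30000);
            response.getWriter().write("登录成功");
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the container's thread handling
            // still sees it, and log through the servlet instead of stderr.
            Thread.currentThread().interrupt();
            log("Interrupted while simulating a slow response", e);
        }
    }

    /** Handles the form submission by delegating to {@link #doGet}. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}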
4. The servlet that responds to a duplicate submission
The request is forwarded to a page that warns about the repeated submission.
package com.woniu.filter.controler;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet mapped to {@code /repeatReminder}. For GET and POST alike it writes
 * a fixed notice telling the user that the page is being processed and not to
 * submit again.
 */
@WebServlet("/repeatReminder")
public class repeatReminder extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Text written to the response body. */
    private static final String NOTICE = "页面正在处理,请勿重复提交";

    public repeatReminder() {
        super();
    }

    /** Writes the notice to the response. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().write(NOTICE);
    }

    /** Same answer as GET: a forwarded form submission arrives as POST. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }
}