首页 > 代码库 > springmvc的token防重复提交
springmvc的token防重复提交
一:首要创立一个号码大全token处置类 ,这儿的类名叫关键词挖掘工具 TokenHandler
private static Logger logger = Logger.getLogger(TokenHandler.class);
static Map springmvc_token http://www.3h5.cn = null;
//生成一个仅有值的token
@SuppressWarnings("unchecked")
public synchronized static String generateGUID(HttpSession session http://www.fanselang.com) {
String token = "";
try {
Object obj = session.getAttribute("SPRINGMVC.TOKEN");
if(obj!=null)
springmvc_token = (Map)session.getAttribute("SPRINGMVC.TOKEN");
else
springmvc_token = new HashMap()
token = new BigInteger(165, new Random()).toString(36)
.toUpperCase();
springmvc_token.put(Constants.DEFAULT_TOKEN_NAME + "." + token,token);
session.setAttribute("SPRINGMVC.TOKEN", springmvc_token);
Constants.TOKEN_VALUE = http://www.mamicode.com/token;
} catch (IllegalStateException e) {
logger.error("generateGUID() mothod find http://www.4lunwen.cn bug,by token session...");
}
return token;
}
//验证表单token值和session中的token值是不是一致
@SuppressWarnings("unchecked")
public static boolean validToken(HttpServletRequest request) {
String inputToken = getInputToken(request);
if (inputToken == null) {
logger.warn("token is not valid!inputToken is NULL");
return false;
}
HttpSession session = request.getSession();http://www.zx1234.cn
Map tokenMap = (Map) session.getAttribute("SPRINGMVC.TOKEN");
if (tokenMap == null || tokenMap.size() < 1) {http://www.penbar.cn
logger.warn("token is not valid!sessionToken is NULL");
return false;http://www.lunjin.net
}
String sessionToken = tokenMap.get(Constants.DEFAULT_TOKEN_NAME + "."
+ inputToken);
if (!inputToken.equals(sessionToken)) {
logger.warn("token is not valid!inputToken=‘" + inputToken
+ "‘,sessionToken = ‘" + sessionToken + "‘");
return false;
}
tokenMap.remove(Constants.DEFAULT_TOKEN_NAME + "." + inputToken);
session.setAttribute("SPRINGMVC.TOKEN", tokenMap);
return true;http://www.91fish.cn
}
//获取表单中token值
@SuppressWarnings("unchecked")
public static String getInputToken(HttpServletRequest request) {
Map params = request.getParameterMap();
if (!params.containsKey(Constants.DEFAULT_TOKEN_NAME)) {
logger.warn("Could not find token name in params.");
return null;http://www.ssstyle.cn
}
String[] tokens = (String[]) (String[]) params
.get(Constants.DEFAULT_TOKEN_NAME);
if ((tokens == null) || (tokens.length < 1)) {
logger.warn("Got a null or empty token name.");http://www.wwwyoujizzcom.cn
return null;
}
return tokens[0];
}
二: 自个完成一个自定义标签 这儿我自定义的标签叫: (自定义标签的代码完成,我放csdn上了,不会的赶紧去下载,这儿我不讲了),页面中运用如下:
1:引进标签库:<%@ taglib prefix="dy" uri="/dy-tags"%>
2:jsp页面中的表单,留意加上token标签!!!如下:
index.jsp!!!
<%@ taglib prefix="dy" uri="/dy-tags"%>
spring mvc
welcome to spring mvc!
username:
password:
email:
三 :这是我用到的常量:
public static String DEFAULT_TOKEN_MSG_JSP = "unSubmit.jsp" ;
public static String TOKEN_VALUE ;
public static String DEFAULT_TOKEN_NAME = "springMVC.token";
四: 我MyController类的以下2个办法要用到token,避免表单重复提交
@RequestMapping(value = "http://www.mamicode.com/index.do")
public String index(HttpServletRequest request) {
return "index";
}
@RequestMapping(value = "http://www.mamicode.com/indexSubmit.do", method = RequestMethod.POST)
public String indexSubmit(User user,HttpServletRequest request) {
try {
myService.insert(user);
logger.info("info=新增成功");
} catch (Exception e) {
logger.error("exception:" + e);
}
五:以下是我拦截器的完成,留意有两个拦截器,一个生成token,一个验证token。
/**
* @Title
* @author dengyang
* @date 2013-6-4
*/
public class TokenHandlerInterceptor implements HandlerInterceptor{
public void afterCompletion(HttpServletRequest arg0,
HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
public void postHandle(HttpServletRequest request, HttpServletResponse response,
Object arg2, ModelAndView arg3) throws Exception {
TokenHandler.generateGUID(request.getSession());
}
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object arg2) throws Exception {
return true;
}
}
/**
* @Title
* @author dengyang
* @date 2013-6-4
*/
public class TokenValidInterceptor implements HandlerInterceptor{
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object arg2, Exception arg3)
throws Exception {
}
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
}
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object arg2) throws Exception {
if(!TokenHandler.validToken(request)){
response.sendRedirect(Constants.DEFAULT_TOKEN_MSG_JSP);
return false;
}
return true;
}
}
六:ok,这下面是我的spring拦截器配置
-->这个恳求回来的是你有token的页面
-->这个是提交恳求
七:ok,整体完成原理和struts的token标签相似,有疑问请留言...