struts2 自带的 token防止表单重复提交拦截器

Posted 奋斗的孩子

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了struts2 自带的 token防止表单重复提交拦截器相关的知识,希望对你有一定的参考价值。

在struts2中,我们可以利用struts2自带的token拦截器轻松实现防止表单重复提交功能!

1. 在相应的action配置中增加:

   <interceptor-ref name="token"></interceptor-ref>

  <result name="invalid.token">/error.jsp</result>

2. 增加error.jsp文件,代码如下:

    <h1>禁止重复提交</h1>

3. 在所提交的表单上增加:<s:token></s:token>标记。

    <form action="firstAction">

    <input name="uname" value="zhangsan"><br>
    <s:token></s:token>
    <input type="submit" value="提交">
  </form>

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_9" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

struts.xml:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
  <package name="crm" namespace="/" extends="struts-default" >
    <interceptors>
      <interceptor name="myInter" class="com.chdsxt.interceptor.MyInterceptor" />
      <interceptor-stack name="myStack">
        <interceptor-ref name="defaultStack" />
        <!-- <interceptor-ref name="myInter" /> -->
        <interceptor-ref name="token" />
      </interceptor-stack>
    </interceptors>
    <default-interceptor-ref name="myStack" />
    <!-- 全局result -->
    <global-results>
      <result name="success">/ok.jsp</result>
    </global-results>
  </package>
  <package name="default" namespace="/" extends="crm">
    <action name="firstAction" class="com.huawei.s2.action.FirstAction" >
      <result name="invalid.token" >/error.jsp</result>
    </action>
  </package>
</struts>

Action:

package com.huawei.s2.action;
public class FirstAction {
  private String uname;
  public String execute(){
    System.out.println(uname+"========FirstAction=======");
    return "success";
  }
  public String getUname() {
    return uname;
  }
  public void setUname(String uname) {
    this.uname = uname;
  }
}

jsp:

1.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <base href="<%=basePath%>">
  <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
  <title>This is my JSP page</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
</head>
<body>
  <form action="firstAction">
    <input name="uname" value="zhangsan"><br>
    <s:token></s:token>
    <input type="submit" value="提交">
  </form>
</body>
</html>

ok.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>This is my JSP page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
    <h1>提交成功</h1>
  </body>
</html>

error.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>This is my JSP page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
    <h1>禁止重复提交</h1>
  </body>
</html>

以上是关于struts2 自带的 token防止表单重复提交拦截器的主要内容,如果未能解决你的问题,请参考以下文章

12-struts2防止表单重复提交

Struts2防止表单重复提交

关于struts2防止表单重复提交

Strut2 采用token机制防御CSRF同时也可以防止表单重复提交

Struts2之UI标签和防止表单重复提交

防重复提交利器--struts2令牌