struts2 模拟令牌机制防止表单重复提交

Posted 奋斗的孩子


web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the duplicate-submit demo: one filter, one servlet. -->
<web-app version="3.0"
  xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <!-- TokenFilter is mapped to /*, so it runs for every request, including the JSP pages.
       It only validates a token when the request carries remark=token. -->
  <filter>
    <filter-name>tokenFilter</filter-name>
    <filter-class>com.huawei.filter.TokenFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>tokenFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- Target of the form in index.jsp. -->
  <servlet>
    <servlet-name>testServlet</servlet-name>
    <servlet-class>com.huawei.token.TestServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>testServlet</servlet-name>
    <url-pattern>/testServlet</url-pattern>
  </servlet-mapping>

</web-app>

filter:

package com.huawei.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

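/**
 * Servlet filter that rejects repeated submissions of a form by means of a
 * one-time token kept in the HTTP session.
 *
 * <p>The form page stores a random value in the session attribute
 * {@code tokenResult} and echoes it in the hidden field {@code tokenValue}.
 * A request that carries {@code remark=token} is let through only if the two
 * values match, and the session copy is removed so the same token cannot be
 * used a second time.
 *
 * <p>NOTE(review): validation is triggered by the client-supplied
 * {@code remark} parameter, so a request that omits it is never checked.
 * This guards against accidental double submits only; it is not a CSRF
 * defence. To enforce the token, decide on the server side (for example by
 * URL pattern) which requests must carry one.
 */
public class TokenFilter implements Filter {

  /** Session attribute under which the form page stores the expected token. */
  private static final String TOKEN_ATTRIBUTE = "tokenResult";

  @Override
  public void destroy() {
    // Nothing to release.
  }

  /**
   * Validates the one-time token on requests marked with {@code remark=token}
   * and passes every other request through unchanged.
   *
   * @param req   incoming request; cast to {@link HttpServletRequest}
   * @param resp  outgoing response; cast to {@link HttpServletResponse}
   * @param chain remaining filter chain
   * @throws IOException      if the redirect or the chain fails with an I/O error
   * @throws ServletException if the chain fails
   */
  @Override
  public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;

    if (!"token".equals(request.getParameter("remark"))) {
      chain.doFilter(request, response);
      return;
    }

    if (consumeToken(request)) {
      // First submission: the token matched and has been invalidated.
      chain.doFilter(request, response);
    } else {
      // Redirect relative to the context path. The original rebuilt an absolute
      // URL from the request's scheme/host/port (client-influenced via the Host
      // header) and produced a doubled slash before error.jsp.
      response.sendRedirect(request.getContextPath() + "/error.jsp");
    }
  }

  /**
   * Checks the submitted token against the session and removes it on success.
   *
   * @return {@code true} only if a token was submitted, a session exists and
   *         the stored value equals the submitted one
   */
  private static boolean consumeToken(HttpServletRequest request) {
    String submitted = request.getParameter("tokenValue");
    // getSession(false): a request without a session cannot hold a valid token,
    // and no session should be created just to reject it.
    HttpSession session = request.getSession(false);
    if (submitted == null || session == null) {
      // A missing tokenValue used to raise a NullPointerException here.
      return false;
    }
    // Compare-and-remove must be one step, otherwise two near-simultaneous
    // submits can both see the token before either removes it.
    // NOTE(review): locking on the session object is best-effort; the servlet
    // specification does not promise a single object per session, so confirm
    // this for the target container.
    synchronized (session) {
      Object expected = session.getAttribute(TOKEN_ATTRIBUTE);
      if (!submitted.equals(expected)) {
        return false;
      }
      session.removeAttribute(TOKEN_ATTRIBUTE);
      return true;
    }
  }

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    // No configuration is read.
  }

}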

token:

package com.huawei.token;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

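/**
 * Demo servlet behind the token-protected form: logs the submitted
 * {@code uname} parameter and forwards to {@code ok.jsp}.
 */
public class TestServlet extends HttpServlet {
  /**
   * Handles GET exactly like POST.
   *
   * <p>NOTE(review): this lets the submission be triggered by a plain link or
   * image URL; if the action changes state, consider accepting POST only.
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
    doPost(request, response);
  }

  /**
   * Logs the {@code uname} parameter and forwards to the success page.
   *
   * @throws ServletException if the forward fails
   * @throws IOException      if the forward fails with an I/O error
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
    String uname = request.getParameter("uname");
    // uname is untrusted: replace line breaks so a submitted value cannot
    // forge additional lines in the console log.
    String loggable = (uname == null) ? null : uname.replaceAll("[\\r\\n]", "_");
    System.out.println("==============TestServlet================" + loggable);
    request.getRequestDispatcher("ok.jsp").forward(request, response);
  }
}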

jsp:

error.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
// Context path of this web application.
String path = request.getContextPath();
// Absolute base URL rebuilt from the current request and written into <base href> below.
// NOTE(review): getServerName() normally reflects the client-supplied Host header;
// confirm the container or a front proxy restricts it, or drop <base> on this static page.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>This is my JSP page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
    <h1>禁止重复提交</h1>
  </body>
</html>

index.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
// Context path of this web application.
String path = request.getContextPath();
// Absolute base URL rebuilt from the current request and written into <base href> below;
// the relative form action "testServlet" on this page is resolved against it.
// NOTE(review): getServerName() normally reflects the client-supplied Host header;
// confirm the container or a front proxy restricts it before relying on this value.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>This is my JSP page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
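    <%-- Store a fresh random token in the session on every render of this page;
         TokenFilter compares it with the hidden tokenValue field and removes it
         from the session after the first matching submit. --%>
    <%
      session.setAttribute("tokenResult", UUID.randomUUID().toString());
    %>
    <%-- method="post": without it the form is sent with GET and the token ends up
         in the URL, and therefore in browser history, access logs and Referer headers. --%>
    <form action="testServlet" method="post">
      <input name="uname" value="lisi" /><br>
      <input type="hidden" name="tokenValue" value="${tokenResult}"/>
      <%-- remark=token is what makes TokenFilter validate this request. --%>
      <input type="hidden" name="remark" value="token" />
      <input type="submit" value="提交">
    </form>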
  </body>
</html>

ok.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
// Context path of this web application.
String path = request.getContextPath();
// Absolute base URL rebuilt from the current request and written into <base href> below.
// NOTE(review): getServerName() normally reflects the client-supplied Host header;
// confirm the container or a front proxy restricts it, or drop <base> on this static page.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>This is my JSP page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
    <h1>提交成功</h1>
  </body>
</html>
