简单的防止重复提交示例:没有配置 token 拦截器,而是在 action 里手动调用 TokenHelper.validToken() 做校验
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@taglib uri="/struts-tags" prefix="s"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Demo form for the Struts 2 duplicate-submission token; it posts to token_doToken.do. --%>
<form id="form1" name="form1" action="token_doToken.do" method="post">
    <%-- s:token emits hidden fields carrying the token name ("struts.token.name") and the
         token value, and stores the same value in the HTTP session. The server-side check
         compares the two and removes the session copy after one successful match, so a
         resubmission of the same form data is rejected. --%>
    <s:token></s:token>
    <s:submit value="token验证"></s:submit>
</form>
</body>
</html>
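package com.ys.action.token;

import java.util.Map;

import org.apache.struts2.util.TokenHelper;

import com.opensymphony.xwork2.ActionContext;
import com.ys.action.BaseAction;

/**
 * Demo action that checks the Struts 2 form token by calling
 * {@link TokenHelper#validToken()} directly instead of configuring the token
 * interceptor.
 *
 * <p>The token is single-use: a successful {@code validToken()} call removes it
 * from the session, so replaying the same form submission ends in
 * {@code "tokenFail"}.
 */
public class TokenAction extends BaseAction {

    private static final long serialVersionUID = 1L;

    /**
     * Shows the page that contains the token-protected form.
     *
     * @return the result name {@code "tokenIndex"}
     */
    public String toToken() {
        return "tokenIndex";
    }

    /**
     * Validates the submitted form token against the one stored in the session.
     *
     * <p>The three {@code System.out.println} calls exist only to make the demo
     * observable. They write the live token to the console, so they should be
     * removed (or replaced by debug-level logging without the token value)
     * before this pattern is used in a real application.
     *
     * @return {@code "tokenSuccess"} when the token matches and has been consumed,
     *         {@code "tokenFail"} when it is missing, stale or does not match
     */
    public String doToken() {
        // generateGUID() creates a brand-new random value on every call; it is NOT
        // the token of the current form, which is why the suffix printed here never
        // matches the session token printed below.
        System.out.println(TokenHelper.getTokenName() + "_" + TokenHelper.generateGUID());

        // Token currently stored in the session (null once it has been consumed).
        Map<?, ?> session = ActionContext.getContext().getSession();
        String sessionToken = (String) session.get(TokenHelper.DEFAULT_TOKEN_NAME);
        System.out.println("sessionToken:——" + sessionToken);

        // Token submitted with the form. A request without the hidden field must not
        // crash the action with a NullPointerException; it simply fails validation.
        Map<?, ?> params = ActionContext.getContext().getParameters();
        String[] tokens = (String[]) params.get(TokenHelper.DEFAULT_TOKEN_NAME);
        String token = (tokens == null || tokens.length == 0) ? null : tokens[0];
        System.out.println("token:——" + token);

        // validToken() does the authoritative comparison and removes the session
        // token on success, which is what blocks the duplicate submission.
        if (TokenHelper.validToken()) {
            return "tokenSuccess";
        }
        return "tokenFail";
    }
}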
进行验证
在action里输出(第一行下划线后面的值是 generateGUID() 每次新生成的随机串,与表单里的 token 无关):
struts.token_71328NMVIZRB07IJA6VX0FUOJMDR4R0P
sessionToken:——NDMXQ4MJC4GI44KXKOJOVDJJVZI068Q0
token:——NDMXQ4MJC4GI44KXKOJOVDJJVZI068Q0
在页面刷新(浏览器重新提交同一份表单数据)之后,由于上一次验证通过时 validToken() 已经把 session 里的 token 移除,
action里获得的则是:
struts.token_IPHC9VN05S6RX13PMSOGGXG9OK0Q9YRF
sessionToken:——null
token:——NDMXQ4MJC4GI44KXKOJOVDJJVZI068Q0
TokenHelper.java源码
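/**
 * $Id: TokenHelper.java 781798 2009-06-04 17:08:35Z wesw $
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.struts2.util;

import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Locale;
import java.util.Map;
import java.util.Random;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.util.LocalizedTextUtil;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;

/**
 * Static helpers for the transaction (form) token: creating a token and storing
 * it in the session, reading the submitted token from the request parameters,
 * and validating the two against each other.
 *
 * <p>A token is single-use: {@link #validToken()} removes it from the session
 * after one successful match.
 */
public class TokenHelper {

    /**
     * The default name to map the token value
     */
    public static final String DEFAULT_TOKEN_NAME = "struts.token";

    /**
     * The name of the field which will hold the token name
     */
    public static final String TOKEN_NAME_FIELD = "struts.token.name";

    private static final Logger LOG = LoggerFactory.getLogger(TokenHelper.class);

    // Tokens must not be guessable from earlier ones. java.util.Random is a linear
    // congruential generator whose later output can be derived from observed output,
    // so a cryptographically strong source is used instead. SecureRandom is a
    // Random subclass, which keeps the BigInteger call below unchanged.
    private static final Random RANDOM = new SecureRandom();

    /**
     * Sets a transaction token into the session using the default token name.
     *
     * @return the token string
     */
    public static String setToken() {
        return setToken(DEFAULT_TOKEN_NAME);
    }

    /**
     * Sets a transaction token into the session using the provided token name.
     *
     * @param tokenName the name to store into the session with the token as the value
     * @return the token string
     * @throws IllegalArgumentException if the session cannot be written because the
     *         response is already committed; the original
     *         {@link IllegalStateException} is attached as the cause
     */
    public static String setToken(String tokenName) {
        Map session = ActionContext.getContext().getSession();
        String token = generateGUID();
        try {
            session.put(tokenName, token);
        } catch (IllegalStateException e) {
            // WW-1182 explain to user what the problem is
            String msg = "Error creating HttpSession due response is commited to client. "
                    + "You can use the CreateSessionInterceptor or create the HttpSession from your action "
                    + "before the result is rendered to the client: " + e.getMessage();
            LOG.error(msg, e);
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new IllegalArgumentException(msg, e);
        }

        return token;
    }

    /**
     * Gets the submitted token from the request parameters using the default token name.
     *
     * @return the token String or null, if the token could not be found
     */
    public static String getToken() {
        return getToken(DEFAULT_TOKEN_NAME);
    }

    /**
     * Gets the Token value from the params in the ServletActionContext using the given name
     *
     * @param tokenName the name of the parameter which holds the token value
     * @return the token String or null, if the token could not be found
     */
    public static String getToken(String tokenName) {
        if (tokenName == null) {
            return null;
        }

        Map params = ActionContext.getContext().getParameters();
        String[] tokens = (String[]) params.get(tokenName);

        if ((tokens == null) || (tokens.length < 1)) {
            LOG.warn("Could not find token mapped to token name " + tokenName);
            return null;
        }

        // Only the first value is considered when the parameter is repeated.
        return tokens[0];
    }

    /**
     * Gets the token name from the Parameters in the ServletActionContext
     *
     * @return the token name found in the params, or null if it could not be found
     */
    public static String getTokenName() {
        Map params = ActionContext.getContext().getParameters();

        if (!params.containsKey(TOKEN_NAME_FIELD)) {
            LOG.warn("Could not find token name in params.");
            return null;
        }

        String[] tokenNames = (String[]) params.get(TOKEN_NAME_FIELD);

        if ((tokenNames == null) || (tokenNames.length < 1)) {
            LOG.warn("Got a null or empty token name.");
            return null;
        }

        return tokenNames[0];
    }

    /**
     * Checks for a valid transaction token in the current request params. If a valid token is found, it is
     * removed so that it is not valid again.
     *
     * <p>NOTE(review): the token name is read from the request
     * ({@link #TOKEN_NAME_FIELD}) and used as-is as the session attribute key for
     * both the lookup and the removal below. The check therefore relies on no other
     * session attribute being reachable under a client-chosen name. Storing tokens
     * under a dedicated key prefix would remove that reliance; it is not done here
     * because callers that read the session under the plain token name would break.
     *
     * @return false if there was no token set into the params (check by looking for {@link #TOKEN_NAME_FIELD}), true if a valid token is found
     */
    public static boolean validToken() {
        String tokenName = getTokenName();

        if (tokenName == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("no token name found -> Invalid token ");
            }
            return false;
        }

        String token = getToken(tokenName);

        if (token == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("no token found for token name " + tokenName + " -> Invalid token ");
            }
            return false;
        }

        Map session = ActionContext.getContext().getSession();
        String sessionToken = (String) session.get(tokenName);

        // equals() also covers a null sessionToken (token already consumed or never set).
        if (!token.equals(sessionToken)) {
            // NOTE(review): this message writes the still-valid session token to the
            // log at WARN level; treat logs containing it as sensitive.
            LOG.warn(LocalizedTextUtil.findText(TokenHelper.class, "struts.internal.invalid.token",
                    ActionContext.getContext().getLocale(),
                    "Form token {0} does not match the session token {1}.",
                    new Object[]{ token, sessionToken }));

            return false;
        }

        // remove the token so it won't be used again
        session.remove(tokenName);

        return true;
    }

    /**
     * Generates a new random token value: 165 random bits rendered in base 36,
     * upper-cased.
     *
     * @return the generated token string
     */
    public static String generateGUID() {
        // A fixed locale keeps the result ASCII; under a Turkish default locale the
        // no-argument toUpperCase() maps 'i' to a non-ASCII dotted capital I.
        return new BigInteger(165, RANDOM).toString(36).toUpperCase(Locale.ENGLISH);
    }
}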