フォームの二重送信(重複サブミット)問題の解決策
次にtokenの例を書きます:(tomcatで実行できます.)
1.JSPページ、3つ.
index.jsp
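<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%--
  Payment form for the one-time-token demo.
  TokenServlet.save() (_m=tosave) stores a fresh token in the session and forwards here
  with the same value in the request attribute "mytoken". The form sends it back in the
  hidden field "token", where TokenServlet.pay() checks it against the session copy.
  If this page is opened directly, without going through _m=tosave, "mytoken" is absent
  and the literal text "null" is rendered, so the submission is rejected.
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> </title>
</head>
<body>
<h4> :</h4>
<%
// Token issued by the servlet for this rendering of the form.
String token = (String)request.getAttribute("mytoken");
// Visible copy of the token, printed for demonstration only; the hidden field below is what matters.
out.print(token);
%>
<%-- POST keeps the token out of the URL; the action selector _m=pay stays in the query string. --%>
<form action="token.jspx?_m=pay" method="post">
<input type="hidden" name="token" value="<%=token %>"/>
<input type="text" name="money"/>
<input type="submit" value=" "/>
</form>
</body>
</html>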
suc.jsp
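<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Result page that TokenServlet.pay() forwards to when the submitted token matched the session token. --%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> </title>
</head>
<body>
<h2 style="color:red;"> ! !</h2>
</body>
</html>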
error.jsp
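<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Result page that TokenServlet.pay() forwards to when the token is missing, stale or already used. --%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> </title>
</head>
<body>
<h2> , !</h2>
</body>
</html>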
2.com.hanchao.web.util は私たちのユーティリティ(ツール)パッケージです
package com.hanchao.web.util;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
*
* @author hanlw
* 2012-07-09
*/
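/**
 * Issues and validates a one-time form token kept in the HTTP session.
 *
 * <p>The token is written into a hidden form field when the form is rendered and
 * compared with the session copy when the form is submitted. A successful check
 * consumes the token, so a repeated submission of the same form is rejected.
 * Only one token is stored per session: issuing a new one replaces the previous one.
 */
public class TokenUtil {

    /** Session attribute name under which the current token is stored. */
    private static final String TOKEN = "TOKEN";

    /**
     * Creates a fresh random token, stores it in the caller's session and returns it.
     *
     * @param request the current request; a session is created if none exists yet
     * @return the newly issued token, to be embedded in the form
     */
    public String getToken(HttpServletRequest request) {
        // randomUUID() draws from a cryptographically strong generator, so the value is not guessable.
        String token = UUID.randomUUID().toString();
        HttpSession session = request.getSession();
        session.setAttribute(TOKEN, token);
        return token;
    }

    /**
     * Checks a submitted token against the session copy and consumes it on success.
     *
     * @param request      the current request
     * @param requestToken the token value received with the form, may be {@code null}
     * @return {@code true} exactly once per issued token; {@code false} if the token is
     *         missing, does not match, was already used, or the request has no session
     */
    public boolean validateToken(HttpServletRequest request, String requestToken) {
        if (requestToken == null) {
            return false;
        }
        // A request without a session cannot hold a valid token; do not allocate one for it.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        // Compare and remove as one step: without the lock, two simultaneous submissions
        // can both read the token before either removes it, and both would be accepted.
        // NOTE(review): the lock serializes requests inside one JVM only and assumes the
        // container hands out the same HttpSession object for a given session; confirm for
        // the target container. A clustered deployment needs an atomic remove in the
        // shared session store instead.
        synchronized (session) {
            Object sessionToken = session.getAttribute(TOKEN);
            if (!requestToken.equals(sessionToken)) {
                return false;
            }
            session.removeAttribute(TOKEN);
            return true;
        }
    }
}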
3.我々のservlet
package com.hanchao.web.util;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
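/**
 * Demo servlet for the one-time form token.
 *
 * <p>The action is selected by the {@code _m} request parameter: {@code tosave} issues a
 * token and shows the form, {@code pay} consumes the token and processes the submission.
 */
public class TokenServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Handles GET requests. Only the read-only {@code tosave} action is served here.
     *
     * @param request  the current request
     * @param response the response to write to
     * @throws ServletException if forwarding fails
     * @throws IOException      if writing the response fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String method = request.getParameter("_m");
        if ("tosave".equals(method)) {
            save(request, response);
        } else if ("pay".equals(method)) {
            // pay changes state and carries the token: accepting it over GET would put the
            // token into URLs, logs and Referer headers and let a plain link trigger it.
            response.setHeader("Allow", "POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        } else {
            // Unknown or missing action: answer explicitly instead of an empty 200 page.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Issues a new token, exposes it as request attribute {@code mytoken} and shows the form.
     *
     * @param request  the current request
     * @param response the response to write to
     * @throws ServletException if forwarding fails
     * @throws IOException      if writing the response fails
     */
    private void save(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        TokenUtil util = new TokenUtil();
        String token = util.getToken(request);
        request.setAttribute("mytoken", token);
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }

    /**
     * Processes the form submission if, and only if, its token is still valid.
     *
     * @param request  the current request, carrying {@code token} and {@code money}
     * @param response the response to write to
     * @throws ServletException if forwarding fails
     * @throws IOException      if writing the response fails
     */
    private void pay(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String token = request.getParameter("token");
        TokenUtil util = new TokenUtil();
        // The token is consumed by a successful check, so a resubmission ends up in the else branch.
        boolean result = util.validateToken(request, token);
        if (result) {
            // money is raw request input and is only echoed here; a real handler has to
            // parse and range-check it before acting on it or writing it to a log.
            String money = request.getParameter("money");
            System.out.println(" "+money+" ");
            request.getRequestDispatcher("suc.jsp").forward(request, response);
        } else {
            request.getRequestDispatcher("error.jsp").forward(request, response);
        }
    }

    /**
     * Handles POST requests: the form submission ({@code pay}) and, as before, {@code tosave}.
     *
     * @param request  the current request
     * @param response the response to write to
     * @throws ServletException if forwarding fails
     * @throws IOException      if writing the response fails
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String method = request.getParameter("_m");
        if ("pay".equals(method)) {
            pay(request, response);
        } else if ("tosave".equals(method)) {
            save(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }
}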
==================================================================
2013-06-21-add-han
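昨日、私たちのアーキテクトとこの問題について話しました。今取り組んでいるプロジェクトがこの問題に関係しているからです。彼によると、分散型の大規模なインターネットプロジェクトでは、このようなtoken方式は高い同時実行性(高並行)の状況で問題が発生する可能性があるとのことです(トークンの照合と削除が一体の操作になっていない場合や、セッションが複数ノードにまたがる場合に、同時に届いた同じリクエストが両方とも検証を通過しうるためと考えられます)。そのため、redirectを使う方法が最も安全で、お勧めだそうです。ありがとうございました。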