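1. Implementation principle
1) By setting a token. The current user's information and a token are stored in the session; the token is the value of the current timestamp. A submission is allowed through only when the token differs from one submission to the next for the same user. For two or more requests, token.equals(session.getAttribute("token")) can be used to decide whether there has been a duplicate submission at the same moment. If the values are equal, show an error message: duplicate submission! If they are not, store the token in the corresponding Session.
Complete code: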
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class DuplicataSubmitFilter implements Filter {

    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest servletrequest = (HttpServletRequest) request;
        HttpServletResponse servletresponse = (HttpServletResponse) response;
        String clientToken = servletrequest.getParameter("token"); // token value from the page
        String uid = servletrequest.getParameter("uid");
        // No token on the page: nothing to filter
        if (clientToken == null) {
            arg2.doFilter(request, response);
        } else {
            HttpSession session = servletrequest.getSession();
            String sessionToken = (String) session.getAttribute("token"); // token value from the session
            String sessionUid = (String) session.getAttribute("uid");
            // Compare the page token with the session token: an empty session token
            // means a first submission, an equal one means a duplicate submission.
            // uid is checked for null first so a request without uid cannot throw.
            if (sessionToken != null && uid != null && uid.equals(sessionUid)
                    && clientToken.equals(sessionToken)) {
                servletresponse.setContentType("text/html");
                servletresponse.setCharacterEncoding("GBK");
                // Redirect to the error page
                servletresponse.sendRedirect(servletrequest.getContextPath() + "/public/duplicataSubmitError.jsp");
            } else {
                session.setAttribute("uid", uid);
                session.setAttribute("token", clientToken); // store the page token as the session token
                arg2.doFilter(request, response);
            }
        }
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}
Then add an input tag of type hidden to the JSP page:
<input type="hidden" name="token" value="<%=System.currentTimeMillis()%>" />
Reference blog: https://blog.csdn.net/pinehacker/article/details/84006023
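An added example (not from the original post or the referenced blog): the same duplicate-submit check with a server-issued, single-use random token in place of the timestamp written into the page, consumed atomically so that two simultaneous requests carrying the same token cannot both pass. SingleUseTokenFilter, issue() and the session key are hypothetical names, and the filter is assumed to be mapped only to the URLs that handle these forms.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;
// Added example; class name, issue() and ATTR are hypothetical, not from the post.
public class SingleUseTokenFilter implements Filter {
    private static final String ATTR = "pendingFormTokens"; // assumed session key
    private static final SecureRandom RNG = new SecureRandom();

    // Call while rendering the form; the result goes into the hidden "token" input.
    public static String issue(HttpSession session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending(session).add(token);
        return token;
    }

    // Class-level lock so two concurrent renders cannot each create a separate set.
    @SuppressWarnings("unchecked")
    private static synchronized Set<String> pending(HttpSession session) {
        Set<String> set = (Set<String>) session.getAttribute(ATTR);
        if (set == null) {
            set = Collections.synchronizedSet(new HashSet<String>());
            session.setAttribute(ATTR, set);
        }
        return set;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String token = request.getParameter("token");
        boolean isPost = "POST".equalsIgnoreCase(request.getMethod());
        // remove() on the synchronized set is atomic: only the first request that
        // presents a given token gets true; repeats and unknown tokens are rejected.
        if (isPost && (token == null || !pending(request.getSession()).remove(token))) {
            ((HttpServletResponse) res).sendRedirect(
                    request.getContextPath() + "/public/duplicataSubmitError.jsp");
            return;
        }
        chain.doFilter(req, res);
    }
    public void init(FilterConfig cfg) {}
    public void destroy() {}
}
```

In the JSP the hidden field's value then becomes <%= SingleUseTokenFilter.issue(session) %>. Tokens for forms that are never submitted stay in the set until the session expires.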