客户端防表单重复提交和服务器端session防表单重复提交

在客户端防表单重复提交（使用javascript代码）：

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
  <script type="text/javascript">
   function doSubmit(){
    var input = document.getElementById("submit");
    input.disabled = "disabled";
    return true;
   }
  </script>
  </head>
  <body>
   <form action="/javaweb/servlet/DoForm" onsubmit="return doSubmit()">
     <input type="hidden" name="token" value="${token}">
   用户名：<input name="username" type="text"/>
     <input type="submit" id="submit"/>
   </form>
  </body>
</html>

在服务器端使用servlet生成表单，实际就是给表单一个唯一的id

package details;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import sun.misc.BASE64Encoder;

public class FormServlet extends HttpServlet {

 /**
  * 产生表单令牌 唯一id
  */
 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  String token = TokenProcessor.getInstance().generateToken();
  request.getSession().setAttribute("token", token);
  request.getRequestDispatcher("/form.jsp").forward(request, response);
 }

 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request,response);
 }

}

class TokenProcessor{  //令牌 采用单例模式
 /**
  * 1.私有构造函数
  * 2.自己创建一个
  * 3.对外暴露一个方法，允许访问上面创建的对象
  */
 private TokenProcessor(){}
 private static final TokenProcessor instance = new TokenProcessor();
 public static TokenProcessor getInstance(){
  return instance;
 }
 
 public String generateToken(){
  String token = System.currentTimeMillis()+ new Random().nextInt() +"";
  try {
   MessageDigest md = MessageDigest.getInstance("md5");
   byte[] mds = md.digest(token.getBytes());
   //base64编码
   BASE64Encoder encoder = new BASE64Encoder();
   return encoder.encode(mds);
  } catch (NoSuchAlgorithmException e) {
   throw new RuntimeException(e);
  }
 }
}

从jsp页面进行处理的servlet

package details;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class DoForm extends HttpServlet {

 /**
  *
  */
 public void doGet(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  if(!isTokenVali(request)){
   System.out.println("请不要重复提交！");
   return;
  }
  request.getSession().removeAttribute("token");
  System.out.println("处理");
 }

 private boolean isTokenVali(HttpServletRequest request) {
  String client_token = request.getParameter("token");
  if(client_token==null){
   return false;
  }
  String server_token = (String) request.getSession().getAttribute("token");
  //服务器表单号已经删除
  if(server_token==null){
   return false;
  }
  if(!client_token.equals(server_token)){
   return false;
  }
  return true;
 }

 /**
  *
  */
 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  doGet(request, response);
 }

}

struts的防表单重复提交与此相同。