JSP & Java 实现 Token (without use Struct)--控制刷新(F5) 和 回格(Backspace)

于 2012-07-04 18:42:23 发布 · 192 阅读 · 0
文章标签:

#java

本文详细介绍了如何使用MD5算法在Web应用中实现安全的身份验证机制,包括生成、验证和重置身份验证令牌的过程。

1. JSP Setting as below:

  <body>

  <form id ="fromName" ...>

  ...

  <input type="hidden" id="htmlTOKEN" name="htmlTOKEN" value="${htmlTOKEN}"/>

  ....

 </form>

 ....

  

2. Java (Constants) -- CommonConstants.java

public class CommonConstants {
    .....
    public static final String TRANSACTION_TOKEN_KEY = "actionTOKEN";
    public static final String TOKEN_KEY = "htmlTOKEN";
   ......
}

  

 

  3. Java (Token method) -- Named as TokenProcessor.java

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import com.requestprocessing.WorkContext;
import com.requestprocessing.servlet.ServletWorkContext;
import com.common.module.CommonConstants;

public class TokenProcessor
{

    private static TokenProcessor instance = new TokenProcessor();
    private long previous;
    protected TokenProcessor()
    {
    }

    public static TokenProcessor getInstance()
    {
        return instance;
    }

    public synchronized boolean isTokenValid(WorkContext oCTX, String action)
    {
    	if(action == null){
    		return isTokenValid(oCTX, false);
    	}else{
    		return isTokenValid(oCTX, action, false);
    	}
    }

    public synchronized boolean isTokenValid(WorkContext oCTX, boolean reset)
    {
    	if(oCTX == null){
    		return false;
    	}
    	    	
    	String saved = (String)oCTX.getUserData(CommonConstants.TRANSACTION_TOKEN_KEY);
    	if(saved == null){
    		return false;
    	}
    	if(reset){
    		resetToken(oCTX);
    	}
    	
    	String token = (String) oCTX.getRequestParameter(CommonConstants.TOKEN_KEY);
    	if( token == null || ("").equals(token)){
    		//return false;
    		return true;
    	}else{
    		return saved.equals(token);
    	}       
    }

    public synchronized boolean isTokenValid(WorkContext oCTX, String action, boolean reset)
    {
    	if(oCTX == null){
    		return false;
    	}
    	    	
    	String saved = (String)oCTX.getUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY);
    	if(saved == null){
    		return false;
    	}
    	if(reset){
    		resetToken(oCTX, action);
    	}
    	
    	String token = (String) oCTX.getRequestParameter(CommonConstants.TOKEN_KEY);
    	if( token == null || ("").equals(token)){
    		//return false;
    		return true;
    	}else{
    		return saved.equals(token);
    	}       
    }
    
    public synchronized void resetToken(WorkContext oCTX)
    {
    	if(oCTX == null){
    		return;
    	}else{
    		oCTX.removeUserData(CommonConstants.TRANSACTION_TOKEN_KEY);
    		return;
    	}
    }
    
    public synchronized void resetToken(WorkContext oCTX, String action)
    {
    	if(oCTX == null){
    		return;
    	}else{
    		if(action == null){
    			oCTX.removeUserData(CommonConstants.TRANSACTION_TOKEN_KEY);
    		}else{
    			oCTX.removeUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY);
    		}
    		return;
    	}
    }

    public synchronized void saveToken(WorkContext oCTX)
    {    	
        String token = generateToken(oCTX);
        if(token != null){
            oCTX.putUserData(CommonConstants.TRANSACTION_TOKEN_KEY, token);
        	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(CommonConstants.TRANSACTION_TOKEN_KEY));
        }  
    }
        
    public synchronized void saveToken(WorkContext oCTX, String action)
    {    	
        String token = generateToken(oCTX);
        
        if(token != null && action == null){
        	oCTX.putUserData( CommonConstants.TRANSACTION_TOKEN_KEY, token);
        	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(CommonConstants.TRANSACTION_TOKEN_KEY));
        }else{
            oCTX.putUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY, token);
        	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY));
        }
    }


    public synchronized String generateToken(WorkContext oCTX)
    {
    	HttpServletRequest request = ((ServletWorkContext)oCTX).getHttpServletRequest();
        HttpSession session = request.getSession();
        return generateToken(session.getId());
    }

    public synchronized String generateToken(String id)
    {
        MessageDigest md;
        long current = System.currentTimeMillis();
        try{
        	if(current == previous)
        		current++;
        	previous = current;
        	byte now[] = (new Long(current)).toString().getBytes();
        	md = MessageDigest.getInstance("MD5");
        	md.update(id.getBytes());
        	md.update(now);
        	return toHex(md.digest());

        } catch (IllegalStateException e) { 
            return (null); 
        } catch (NoSuchAlgorithmException e) { 
            return (null); 
        } 
    }

    private String toHex(byte buffer[])
    {
        StringBuffer sb = new StringBuffer(buffer.length * 2);
        for(int i = 0; i < buffer.length; i++)
        {
            sb.append(Character.forDigit((buffer[i] & 0xf0) >> 4, 16));
            sb.append(Character.forDigit(buffer[i] & 0xf, 16));
        }

        return sb.toString();
    }
}

 

  4. Java BaseProcessor (BaseProcessor.java)

public class BaseProjectRoomProcessor {
   ......
   public String process(WorkContext oCTX){
   ......
   }


    protected boolean validateToken(WorkContext oCTX, String action){
        TokenProcessor token = TokenProcessor.getInstance();
        if(!token.isTokenValid(oCTX, action)){
        	token.resetToken(oCTX, action);
        	return false;
        } else {
        	token.saveToken(oCTX, action);
        	return true;
        }
    }
}

 5. Java BaseResponseProcessor (BaseResponseProcessor.java)

public class BaseProjectRoomResponseProcessor{
   ......
   public String process(WorkContext oCTX){
   ......
   }
    protected void initToken(WorkContext oCTX, String action){
    	String tokenId = null;
    	TokenProcessor token = TokenProcessor.getInstance();
    	if(action == null){
    		tokenId = (String)oCTX.getUserData(CommonConstants.TRANSACTION_TOKEN_KEY);
            if(tokenId == null){
            	token = TokenProcessor.getInstance();
            	token.saveToken(oCTX);
            	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(CommonConstants.TRANSACTION_TOKEN_KEY));
            }else{
            	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(CommonConstants.TRANSACTION_TOKEN_KEY));
            }
    	}else{
    		tokenId = (String)oCTX.getUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY);
            if(tokenId == null){
            	token = TokenProcessor.getInstance();
            	token.saveToken(oCTX, action);
            	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY));
            }else{
            	oCTX.putRequestData(CommonConstants.TOKEN_KEY, oCTX.getUserData(action + CommonConstants.TRANSACTION_TOKEN_KEY));
            }
    	}
    	
    }
}

 

6. Java YourResponseProcessor (YourResponseProcessor.java)

public class XXXXResponseProcessor extends BaseResponseProcessor {
......
......
protected String doAction(WorkContext oCTX) throws Exception {
......


        if (xxxx) {        	
              	this.initToken(oCTX, "Your Action Name");
        }
......


}

 

 

7. Java YourActionProcessor(YourActionProcessor.java)

public class XXXXProcessor extends BaseProcessor{
......

......

protected String doAction(WorkContext oCTX) throws Exception {
.....
        String action = (String)oCTX.getRequestParameter(ProgressSummaryConstants.ACTION);
        if(!this.validateToken(oCTX, action)){ 
        	return ProgressSummaryConstants.DONE;
        }

......
}

 

评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值