本文介绍了使用Struts框架防止Web应用中重复提交的方法。通过客户端和服务端双重验证机制,利用Token来确保表单提交的有效性和唯一性。文章详细解释了如何生成、验证Token,并在用户界面上采取措施避免重复提交。
[size=18]原文:[url]http://www.kpwang.com/pc/view_e.jsp?board_id=1&article_id=1106127144019[/url]
the other resource is more better
[url]http://www.learntechnology.net/content/struts/struts_token.jsp[/url]
Use Struts Token mechanism submitted to repeat Form
Struts Token (Token) Form mechanism can be used to solve the problem of duplication. basic tenets are : the server in handling the request arrived, Token request will be included in the value and preservation of the current user session token value, to see whether they match. Handle the request, and in reply sent to the client, will have a new token. Apart from the token pass Client, users will be preserved conversation replace the old token. If such users have retreated back to the author's page and again, Chuan up on the client and server side of the Token Token inconsistent, so as to effectively prevent the occurrence of multiple submissions. . Kunpeng Network
. Kunpeng Network
In fact,
time is two points : Firstly, you need to have the token value in the request, the request of token value preservation. In fact, on the page and we usually retain some of the same information through the hidden field to the depositary, in the form such as :"input type="hidden"name="org.apache.struts.taglib.html.TOKEN"value="6aa35341f25184fd996c4c918255c3ae"> TokenProcessor category is the value of generateToken () agreed. According to current users and is the current session id long time to calculate the value. Client : In the second submission, we should judge whether the value of the request and the server contains the same token, submitted for each server will generate new Token, so if it is submitted to repeat. Client Server and the value of the Token Token value will be inconsistent. Now, to be inserted in the database data to illustrate how to prevent a repeat submitted.
Action in the add methods, we need to preserve the page Token value of a specific demand. increased only one sentence : saveToken (request); ,
as follows :
Public ActionForward add (ActionMapping mapping. ActionForm form.
HttpServletRequest request. HttpServletResponse response)
4003rd omitted from the front to deal with the
saveToken (request);
Return mapping.findForward ("add");
Action in the insert method), According to the Form Token Token value and the value of the server, as follows :
[code]Public ActionForward insert (ActionMapping mapping. ActionForm form.
HttpServletRequest request. HttpServletResponse response)
If (isTokenValid (request, true)) (
4003rd submit Form not repeat the
// here is the preservation of data codes"
} else --
4003rd submit Form repeat
saveToken (request);
4003rd other processing code
}
}[/code]
222222222222222222222222222222222222222222222222222222222222222222222
1. Duplicate submission, duplicate set the scene
duplicate submission, duplicate set of records are to solve the problem of redundant systems. In other words, a person to submit a certain number of records (Why? Perhaps it is no idle matter of the stem; Most likely it will be submitted to the users simply do not know whether the results had been carried out?).
However, there is a need to address the problem and not depend on your development system category. For example, you took over is a resource management system, the system itself from the point of view of demand, it does not allow a"repeat"of the record in such demand constraints, The move will trigger a repeat submitted to the implementation of the"Business Class"production it is simply impossible to implement successfully avoid indifferent to avoid the problem.
2. Retreat from the scene to prevent"a repeat
understanding set to repeat the scene. Let's take a look"to prevent the retreat of"operational reasons what is it? For instance, one in the development of a voting system, it has many steps, and there was a link between these steps. For example, certain information will be sent first to second, second cache of such information, also sent its own message to the third stage. . . . . And so on, users at the third step at this time, we imagine a naughty user hits the back button users. For the second time screen steps pages, he amended or re-submission access to the next step (which is the third step), the error will have in this? ! What mistakes? This is the most typical example of the operation of information directly led to the loss for the first step! (If this information is then stored on Request. Of course, you can be stored in the greater context or environment Session, But this is not a good idea! Information stored on the issue until a detailed discussion on this issue)
3. The problem of how to handle the
course, many of the systems (such as booking system is to allow individuals to repeat the demand for reservations) must be updated to avoid duplication. duplicate submission, and to prevent back problems, but even that is the problem, have to deal with the distinction between how and where (the Internet tells you how to handle But rarely distinguish where treatment), obviously dealing with the client or server is nothing more than two. and the different ways to handle the position is different, but one thing to declare : Any client (especially B/S end) are dealing with can not be trusted. is the best and most server should handle the matter.
Client processing :
Client Script we can use Javascript to face to resolve, as
1. Set to repeat, repeat submitted
Ways One : the establishment of a variable, allowing only one submission.
[code]<script language="javascript">
Var = false; checkSubmit***
CheckSubmit function () (
If (checkSubmit*** ====== true) (
Return false;
}
CheckSubmit*** = true;
Return true;
}
Docondblclick document.ondblclick = function () (
Window.event.returnValue = false;
}
Doconclick document.onclick = function () (
If (checkSubmit***) (
Window.event.returnValue = false;
}
}
</script>
<html:form action="myAction.do"method="post"οnsubmit="return checkSubmit();">
Way Two : to be submitted to the Home button to disable or image
<html:form action="myAction.do"method="post"
Onsubmit="getElById ( 'submitInput'). Disabled = true; return true;">
<html:image styleId="submitInput"src="images/ok_b.gif"border="0"/>
</html:form>[/code]
2. Prevent users retreat
here is wonderful, some of the historical record of changes to the browser. For example, the use of window.history.forward (); Some of the"new page with the URL to replace the current historical records, the historical record on this visit is only one page. buttons will never retreat into useable."For example, the use of Javascript : location.replace (this.href); event.returnValue=false;
2. Server processing (Here I will only deal with the Struts Framework)
Using synchrotron Token (Token) mechanism to solve the problem of Web application repeat, Struts also gives a reference implementation.
Basic tenets :
Before arriving in the server request. Token request will be included in the value and preservation of the current user session token value,
See whether or not matching. Handle the request, and in reply sent to the client, will have a new token. Apart from the token pass
Client, users will be preserved conversation replace the old token. If such users have retreated to the back pages and re-submit
tabled, Chuan up on the client and server side of the Token Token inconsistent, so as to effectively prevent the occurrence of multiple submissions.
If (isTokenValid (request, true)) (
4003rd your code here
Return mapping.findForward ("success");
) Else (
SaveToken (request);
Return mapping.findForward ("submitagain");
}
Conversation ID Struts users and the current system time to generate a unique (for each conversation) Token. achieve specific reference"to the category
TokenProcessor generateToken () method.
1. 4003rd Token Verification Service control,"html : form"logo will be automatically generated based on an implicit input session which represents token, twice to prevent the
2. In action :
// //<input type="hidden"name="org.apache.struts.taglib.html.TOKEN"
4003rd value="6aa35341f25184fd996c4c918255c3ae""
If (!isTokenValid (request))
Errors.add (ActionErrors.GLOBAL_ERROR,
New ActionError ("error.transaction.token"));
ResetToken (request); 4003rd delete the token session
3. This action is a method for generating token
protected String generateToken (HttpServletRequest request) (
HttpSession session = request.getSession ();
Try (
Id[] session.getId byte = (). GetBytes ();
= Byte now[]
New Long (System.currentTimeMillis ()). ToString (). GetBytes ();
MessageDigest md = MessageDigest.getInstance ("MD5");
Md.update (id);
Md.update (now);
Return (toHex (md.digest ()));
) Catch (IllegalStateException e) (
Return (null);
) Catch (NoSuchAlgorithmException e) (
Return (null);
}
}
Aggregate
submitted for repeat, repeat set. prevent regression, etc. are all systems need to be addressed in order to avoid duplication of records. deal with the needs of each client may propose appropriate solutions. But it is only in the server for testing the authenticity of the data. Token-based processing is the method once and for all.
Meanwhile, we also see that to look at problems from a different perspective, the solution is different. Client users more pursuit of the operation and services will focus on the data processing end. Therefore, in a seemingly easy question for the server, client used to solve a lot of trouble! Instead still. Therefore, we need to deal with certain issues in a comprehensive consideration and balance, which is used to solve client? Or a server to handle
Use Struts Token mechanism submitted to repeat Form [/size][b]
the other resource is more better
[url]http://www.learntechnology.net/content/struts/struts_token.jsp[/url]
Use Struts Token mechanism submitted to repeat Form
Struts Token (Token) Form mechanism can be used to solve the problem of duplication. basic tenets are : the server in handling the request arrived, Token request will be included in the value and preservation of the current user session token value, to see whether they match. Handle the request, and in reply sent to the client, will have a new token. Apart from the token pass Client, users will be preserved conversation replace the old token. If such users have retreated back to the author's page and again, Chuan up on the client and server side of the Token Token inconsistent, so as to effectively prevent the occurrence of multiple submissions. . Kunpeng Network
. Kunpeng Network
In fact,
time is two points : Firstly, you need to have the token value in the request, the request of token value preservation. In fact, on the page and we usually retain some of the same information through the hidden field to the depositary, in the form such as :"input type="hidden"name="org.apache.struts.taglib.html.TOKEN"value="6aa35341f25184fd996c4c918255c3ae"> TokenProcessor category is the value of generateToken () agreed. According to current users and is the current session id long time to calculate the value. Client : In the second submission, we should judge whether the value of the request and the server contains the same token, submitted for each server will generate new Token, so if it is submitted to repeat. Client Server and the value of the Token Token value will be inconsistent. Now, to be inserted in the database data to illustrate how to prevent a repeat submitted.
Action in the add methods, we need to preserve the page Token value of a specific demand. increased only one sentence : saveToken (request); ,
as follows :
Public ActionForward add (ActionMapping mapping. ActionForm form.
HttpServletRequest request. HttpServletResponse response)
4003rd omitted from the front to deal with the
saveToken (request);
Return mapping.findForward ("add");
Action in the insert method), According to the Form Token Token value and the value of the server, as follows :
[code]Public ActionForward insert (ActionMapping mapping. ActionForm form.
HttpServletRequest request. HttpServletResponse response)
If (isTokenValid (request, true)) (
4003rd submit Form not repeat the
// here is the preservation of data codes"
} else --
4003rd submit Form repeat
saveToken (request);
4003rd other processing code
}
}[/code]
222222222222222222222222222222222222222222222222222222222222222222222
1. Duplicate submission, duplicate set the scene
duplicate submission, duplicate set of records are to solve the problem of redundant systems. In other words, a person to submit a certain number of records (Why? Perhaps it is no idle matter of the stem; Most likely it will be submitted to the users simply do not know whether the results had been carried out?).
However, there is a need to address the problem and not depend on your development system category. For example, you took over is a resource management system, the system itself from the point of view of demand, it does not allow a"repeat"of the record in such demand constraints, The move will trigger a repeat submitted to the implementation of the"Business Class"production it is simply impossible to implement successfully avoid indifferent to avoid the problem.
2. Retreat from the scene to prevent"a repeat
understanding set to repeat the scene. Let's take a look"to prevent the retreat of"operational reasons what is it? For instance, one in the development of a voting system, it has many steps, and there was a link between these steps. For example, certain information will be sent first to second, second cache of such information, also sent its own message to the third stage. . . . . And so on, users at the third step at this time, we imagine a naughty user hits the back button users. For the second time screen steps pages, he amended or re-submission access to the next step (which is the third step), the error will have in this? ! What mistakes? This is the most typical example of the operation of information directly led to the loss for the first step! (If this information is then stored on Request. Of course, you can be stored in the greater context or environment Session, But this is not a good idea! Information stored on the issue until a detailed discussion on this issue)
3. The problem of how to handle the
course, many of the systems (such as booking system is to allow individuals to repeat the demand for reservations) must be updated to avoid duplication. duplicate submission, and to prevent back problems, but even that is the problem, have to deal with the distinction between how and where (the Internet tells you how to handle But rarely distinguish where treatment), obviously dealing with the client or server is nothing more than two. and the different ways to handle the position is different, but one thing to declare : Any client (especially B/S end) are dealing with can not be trusted. is the best and most server should handle the matter.
Client processing :
Client Script we can use Javascript to face to resolve, as
1. Set to repeat, repeat submitted
Ways One : the establishment of a variable, allowing only one submission.
[code]<script language="javascript">
Var = false; checkSubmit***
CheckSubmit function () (
If (checkSubmit*** ====== true) (
Return false;
}
CheckSubmit*** = true;
Return true;
}
Docondblclick document.ondblclick = function () (
Window.event.returnValue = false;
}
Doconclick document.onclick = function () (
If (checkSubmit***) (
Window.event.returnValue = false;
}
}
</script>
<html:form action="myAction.do"method="post"οnsubmit="return checkSubmit();">
Way Two : to be submitted to the Home button to disable or image
<html:form action="myAction.do"method="post"
Onsubmit="getElById ( 'submitInput'). Disabled = true; return true;">
<html:image styleId="submitInput"src="images/ok_b.gif"border="0"/>
</html:form>[/code]
2. Prevent users retreat
here is wonderful, some of the historical record of changes to the browser. For example, the use of window.history.forward (); Some of the"new page with the URL to replace the current historical records, the historical record on this visit is only one page. buttons will never retreat into useable."For example, the use of Javascript : location.replace (this.href); event.returnValue=false;
2. Server processing (Here I will only deal with the Struts Framework)
Using synchrotron Token (Token) mechanism to solve the problem of Web application repeat, Struts also gives a reference implementation.
Basic tenets :
Before arriving in the server request. Token request will be included in the value and preservation of the current user session token value,
See whether or not matching. Handle the request, and in reply sent to the client, will have a new token. Apart from the token pass
Client, users will be preserved conversation replace the old token. If such users have retreated to the back pages and re-submit
tabled, Chuan up on the client and server side of the Token Token inconsistent, so as to effectively prevent the occurrence of multiple submissions.
If (isTokenValid (request, true)) (
4003rd your code here
Return mapping.findForward ("success");
) Else (
SaveToken (request);
Return mapping.findForward ("submitagain");
}
Conversation ID Struts users and the current system time to generate a unique (for each conversation) Token. achieve specific reference"to the category
TokenProcessor generateToken () method.
1. 4003rd Token Verification Service control,"html : form"logo will be automatically generated based on an implicit input session which represents token, twice to prevent the
2. In action :
// //<input type="hidden"name="org.apache.struts.taglib.html.TOKEN"
4003rd value="6aa35341f25184fd996c4c918255c3ae""
If (!isTokenValid (request))
Errors.add (ActionErrors.GLOBAL_ERROR,
New ActionError ("error.transaction.token"));
ResetToken (request); 4003rd delete the token session
3. This action is a method for generating token
protected String generateToken (HttpServletRequest request) (
HttpSession session = request.getSession ();
Try (
Id[] session.getId byte = (). GetBytes ();
= Byte now[]
New Long (System.currentTimeMillis ()). ToString (). GetBytes ();
MessageDigest md = MessageDigest.getInstance ("MD5");
Md.update (id);
Md.update (now);
Return (toHex (md.digest ()));
) Catch (IllegalStateException e) (
Return (null);
) Catch (NoSuchAlgorithmException e) (
Return (null);
}
}
Aggregate
submitted for repeat, repeat set. prevent regression, etc. are all systems need to be addressed in order to avoid duplication of records. deal with the needs of each client may propose appropriate solutions. But it is only in the server for testing the authenticity of the data. Token-based processing is the method once and for all.
Meanwhile, we also see that to look at problems from a different perspective, the solution is different. Client users more pursuit of the operation and services will focus on the data processing end. Therefore, in a seemingly easy question for the server, client used to solve a lot of trouble! Instead still. Therefore, we need to deal with certain issues in a comprehensive consideration and balance, which is used to solve client? Or a server to handle
Use Struts Token mechanism submitted to repeat Form [/size][b]
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
