JavaWeb中HttpSession中表单的重复提交示例

packagecom.lsy.javaweb;

importjavax.servlet.http.HttpServletRequest;

importjavax.servlet.http.HttpSession;

importjava.security.MessageDigest;

importjava.security.NoSuchAlgorithmException;

publicclassTokenProcessor {

  privatestaticfinalString TOKEN_KEY ="TOKEN_KEY";

  privatestaticfinalString TRANSACTION_TOKEN_KEY ="TRANSACTION_TOKEN_KEY";

  /**

   * The singleton instance of this class.

   */

  privatestaticTokenProcessor instance =newTokenProcessor();

  /**

   * The timestamp used most recently to generate a token value.

   */

  privatelongprevious;

  /**

   * Protected constructor for TokenProcessor. Use

   * TokenProcessor.getInstance() to obtain a reference to the processor.

   */

  protectedTokenProcessor() {

    super();

  }

  /**

   * Retrieves the singleton instance of this class.

   */

  publicstaticTokenProcessor getInstance() {

    returninstance;

  }

  /**

   *

   * Return true if there is a transaction token stored in the

   * user's current session, and the value submitted as a request parameter

   * with this action matches it. Returns false under any of the

   * following circumstances:

   *

   *

   *

   *

   *

• No session associated with this request

   *

   *

• No transaction token saved in the session

   *

   *

• No transaction token included as a request parameter

   *

   *

• The included transaction token value does not match the transaction

   * token in the user's session

   *

   *

   *

   * @param request

   *      The servlet request we are processing

   */

  publicsynchronizedbooleanisTokenValid(HttpServletRequest request) {

    returnthis.isTokenValid(request,false);

  }

  /**

   * Return true if there is a transaction token stored in the

   * user's current session, and the value submitted as a request parameter

   * with this action matches it. Returns false

   *

   *

   *

   *

• No session associated with this request

   *

• No transaction token saved in the session

   *

   *

• No transaction token included as a request parameter

   *

   *

• The included transaction token value does not match the transaction

   * token in the user's session

   *

   *

   *

   * @param request

   *      The servlet request we are processing

   * @param reset

   *      Should we reset the token after checking it?

   */

  publicsynchronizedbooleanisTokenValid(HttpServletRequest request,booleanreset) {

    // Retrieve the current session for this request

    HttpSession session = request.getSession(false);

    if(session ==null) {

      returnfalse;

    }

    // Retrieve the transaction token from this session, and

    // reset it if requested

    String saved = (String) session.getAttribute(TRANSACTION_TOKEN_KEY);

    if(saved ==null) {

      returnfalse;

    }

    if(reset) {

      this.resetToken(request);

    }

    // Retrieve the transaction token included in this request

    String token = request.getParameter(TOKEN_KEY);

    if(token ==null) {

      returnfalse;

    }

    returnsaved.equals(token);

  }

  /**

   * Reset the saved transaction token in the user's session. This indicates

   * that transactional token checking will not be needed on the next request

   * that is submitted.

   *

   * @param request

   *      The servlet request we are processing

   */

  publicsynchronizedvoidresetToken(HttpServletRequest request) {

    HttpSession session = request.getSession(false);

    if(session ==null) {

      return;

    }

    session.removeAttribute(TRANSACTION_TOKEN_KEY);

  }

  /**

   * Save a new transaction token in the user's current session, creating a

   * new session if necessary.

   *

   * @param request

   *      The servlet request we are processing

   */

  publicsynchronizedString saveToken(HttpServletRequest request) {

    HttpSession session = request.getSession();

    String token = generateToken(request);

    if(token !=null) {

      session.setAttribute(TRANSACTION_TOKEN_KEY, token);

    }

    returntoken;

  }

  /**

   * Generate a new transaction token, to be used for enforcing a single

   * request for a particular transaction.

   *

   * @param request

   *      The request we are processing

   */

  publicsynchronizedString generateToken(HttpServletRequest request) {

    HttpSession session = request.getSession();

    returngenerateToken(session.getId());

  }

  /**

   * Generate a new transaction token, to be used for enforcing a single

   * request for a particular transaction.

   *

   * @param id

   *      a unique Identifier for the session or other context in which

   *      this token is to be used.

   */

  publicsynchronizedString generateToken(String id) {

    try{

      longcurrent = System.currentTimeMillis();

      if(current == previous) {

        current++;

      }

      previous = current;

      byte[] now =newLong(current).toString().getBytes();

      MessageDigest md = MessageDigest.getInstance("MD5");

      md.update(id.getBytes());

      md.update(now);

      returntoHex(md.digest());

    }catch(NoSuchAlgorithmException e) {

      returnnull;

    }

  }

  /**

   * Convert a byte array to a String of hexadecimal digits and return it.

   *

   * @param buffer

   *      The byte array to be converted

   */

  privateString toHex(byte[] buffer) {

    StringBuffer sb =newStringBuffer(buffer.length *2);

    for(inti =0; i < buffer.length; i++) {

      sb.append(Character.forDigit((buffer[i] &0xf0) >>4,16));

      sb.append(Character.forDigit(buffer[i] &0x0f,16));

    }

    returnsb.toString();

  }

}