Tokens: what they are for, the technique, and an implementation
We now know that tokens serve two kinds of functions:
1. Preventing forms from being submitted repeatedly
2. Authentication
1. Preventing repeated form submission: how to use it
The following is a code demonstration based on the above process.
I wrote two pages. The first is the home page, which jumps to the add page; the second is the add page, which simulates a user submitting data.
Note: the token is normally placed in a hidden field; here it is left visible so that everyone can see it.
The back-end code is the main thing to explain.
A token can actually be any string. A UUID is a universally unique identifier, and a different UUID is generated as the token each time a request reaches the add page.
    // Spring MVC controller methods; they need java.util.UUID, the servlet
    // request/response types and Spring's @RequestMapping to be imported.

    // Jump to the add page
    @RequestMapping("/add.do")
    public String add(HttpServletRequest request, HttpServletResponse response) {
        // Generate the token
        UUID token = UUID.randomUUID();
        System.out.println("token value " + token);
        // Put it in the session
        request.getSession().setAttribute("token", token.toString());
        // Put it into the request scope so it is passed to the front end
        request.setAttribute("token", token);
        return "add";
    }

    // The front end submits the form together with the token
    @RequestMapping("/addmessage.do")
    public synchronized String addMessage(HttpServletRequest request) {
        // Get the token stored in the session
        Object token1 = request.getSession().getAttribute("token");
        // Get the token sent by the front end
        String token = request.getParameter("token");
        System.out.println("token1 value " + token1);
        if (token1 == null) {
            // No token in the session: the form was already submitted
            System.out.println("commit error");
        } else if (!token1.equals(token)) {
            // The submitted token does not match the one in the session
            System.out.println("commit error");
        } else {
            System.out.println("submitted successfully");
            // Remove the token from the session to prevent repeated submission
            request.getSession().removeAttribute("token");
        }
        return "";
    }
Back-end output
token value 589a5d93-ceab-4b95-9820-b9e6d980be6f
token1 value 589a5d93-ceab-4b95-9820-b9e6d980be6f
submitted successfully
2. Token-based authentication
With token-based authentication, you do not need to store the user's login record on the server side. The approximate process is this:
1. The client logs in with a username and password.
2. The server receives the request and verifies the username and password. If authentication succeeds, the server issues a Token and sends it to the client.
3. When the client receives the Token, it can store it, for example in a cookie or in local storage. Each time the client requests a resource from the server, it must send the Token issued by the server along with the request. The server receives the request and verifies the Token it carries; if validation succeeds, the requested data is returned to the client.
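The flow above, as an added example that is not part of the original post: a minimal stateless token in plain Java, where the server signs the user name and an expiry time with HMAC-SHA256 and later verifies the token without keeping any login record. The class name, the token format and the demo key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example: stateless signed token (hypothetical class and format, not from the post).
public class StatelessToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private final byte[] key;
    StatelessToken(byte[] key) { this.key = key.clone(); }
    private byte[] mac(byte[] data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data);
    }

    // Step 2: after the password check succeeds, issue "payload.signature".
    String issue(String user, long nowSec, long ttlSec) throws Exception {
        byte[] payload = (user + "|" + (nowSec + ttlSec)).getBytes(StandardCharsets.UTF_8);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(mac(payload));
    }

    // Step 3: verify the token on each request; returns the user name, or null if rejected.
    String verify(String token, long nowSec) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 2) return null;
            byte[] payload = DEC.decode(parts[0]);
            // Constant-time comparison of the recomputed and the received MAC.
            if (!MessageDigest.isEqual(mac(payload), DEC.decode(parts[1]))) return null;
            String[] fields = new String(payload, StandardCharsets.UTF_8).split("\\|");
            if (fields.length != 2 || Long.parseLong(fields[1]) <= nowSec) return null;
            return fields[0];
        } catch (Exception e) { // null token, malformed Base64 or expiry: fail closed
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real service loads a random secret from protected storage.
        StatelessToken svc = new StatelessToken("demo-key-for-illustration-only".getBytes(StandardCharsets.UTF_8));
        String t = svc.issue("alice", 1000, 600);
        System.out.println(svc.verify(t, 1200)); // token presented within its lifetime
        System.out.println(svc.verify(t, 1600)); // same token presented after expiry
        String forged = ENC.encodeToString("admin|9999".getBytes(StandardCharsets.UTF_8)) + t.substring(t.indexOf('.'));
        System.out.println(svc.verify(forged, 1200)); // payload swapped, old signature reused
    }
}
```

Because the server keeps no record of issued tokens, a token stays valid until its expiry time, so the lifetime should be short and the signing key kept secret.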
I read an article saying that apps like Ofo also use tokens. This is all I know at the moment; if there are problems, please point them out in the comments so that we can improve together.