The scheme breaks down into four steps:
1. Generate a random token in Java and store it in the user's session (the token reaches the HTTP layer in steps 2 and 4):
    String token = IdentityUtil.uuid32();
    getRequest().getSession().setAttribute("server_token", token);
2. Write the generated token into a hidden field and output it to the page. Here this is done from a beetl tag, where ctx is the template Context and ctx.byteWriter writes straight into the rendered page:
    String html = "<input type=\"hidden\" id=\"puff_beetl_client_token\" name=\"puff_beetl_client_token\" autocomplete=\"off\" value=\"" + token + "\"/>";
    try {
        ctx.byteWriter.writeString(html);
    } catch (IOException e) {
        e.printStackTrace();
    }
3. Write an interceptor that compares the token sent by the page against the one stored on the server. The session token is removed as soon as it is read, so each token can pass the check at most once; that is what stops a double submission:
    public void intercept(DispatcherExecutor executor) {
        // Read and remove the session token in one go, so the same value can never match twice
        String serverToken = PuffContext.removeSessionAttr("server_token");
        String clientToken = PuffContext.getRequest().getHeader("Puff-ClientToken");
        if (StringUtil.empty(serverToken) || StringUtil.empty(clientToken) || !serverToken.equals(clientToken)) {
            if (PuffContext.ajax()) {
                RetMsg msg = RetMsg.error(RetCode.ILLEGAL_SUBMIT, "illegal form submission request!");
                PuffContext.getResponse().setHeader("illegal_submit", "yes");
                executor.setResult(ViewFactory.json(msg));
            } else {
                throw new IllegalArgumentException("illegal form submission request!");
            }
        } else {
            executor.execute();
        }
        // Whether the check passed or an AJAX request was rejected, regenerate the token
        // and hand it to the page in a response header so the next submission carries a fresh value
        String token = IdentityUtil.uuid32();
        PuffContext.setSessionAttribute("server_token", token);
        PuffContext.getResponse().setHeader("server_token", token);
    }
4. On the page, send the hidden-field token in an HTTP header with the AJAX request, and refresh it from the response header when the submission was rejected (index is the handle of the loading layer opened before the request):
    var flag = true;  // stays true when the submission succeeded and the page navigates away
    $.ajax({
        url: "${ctxPath}/xx",
        data: $('#form').serialize(),
        type: "POST",
        dataType: "json",
        beforeSend: function (request) {
            // Put the token in the HTTP header
            request.setRequestHeader("Puff-ClientToken", $("#puff_beetl_client_token").val());
        },
        success: function (data) {
            if (data.code == "403") {
                // Rejected by the interceptor: show the message and let complete() pick up the new token
                flag = false;
                layer.close(index);
                popBox.sureWithBtn(data.msg);
            } else {
                var msg = JSON.parse(data.msg);  // the original used eval(); JSON.parse does not execute code
                var code = msg.code;
                if (code == success) {           // success: the page's own success code constant
                    layer.close(index);
                    window.location.href = "${ctxPath}/success";
                } else {
                    flag = false;
                    layer.close(index);
                    popBox.sureWithBtn(msg.message);
                }
            }
        },
        complete: function (request) {
            // On success the page navigates away, so the token only needs
            // replacing in the hidden field when the submission failed
            if (!flag) {
                $("#puff_beetl_client_token").val(request.getResponseHeader("server_token"));
            }
        },
        error: function () {
            layer.close(index);
        }
    });
With that, every form submission carries a one-time token, and a duplicate submission is rejected by the interceptor.