Turn: 79390980 ext: 78931420
The AVA backend generates tokens (tokens) to validate the client and prevent duplicate submissions
1. Overview: In Web projects, the server and the front end often need to interact with data, sometimes due to the slow network, the client submits some sensitive data (such as according to normal business logic, this data can only save one copy), if the front-end multiple Click submit button will result in multiple data submission, We are going to prevent this from happening.
2. Workaround:
① Front-end processing: After the submission via JS immediately hide or set the button is not available.
② Back-end processing: The data that is submitted to the background must be verified, that is, the token (a string of unique strings) carried by the front end and the backend checksum to determine whether the current data is valid.
3. Summary: The first method is relatively simple, but the safety factor is not high, the second method fundamentally solves the problem, so I recommend the second method
* * Token-generating tool class: */package Red.hearing.eval.modules.token; Import Java.security.messagedigest;import Java.security.nosuchalgorithmexception;import java.util.Random; Import Sun.misc.BASE64Encoder; /** * Token generation Tool class * @author zhous * @since 2018-2-23 13:59:27 * */public class Tokenproccessor {private Tokenproccessor () {}; Private static final Tokenproccessor instance = new Tokenproccessor (); public static Tokenproccessor getinstance () {return instance;}/** * Generate token * @return */public string Maketoken () {string token = (System.currenttimemillis () + new Random (). Nextint (999999999)) + ""; try {messagedigest MD = messagedigest.getinstance ("MD5"); byte md5[] = md.digest (token.getbytes ()); Base64encoder encoder = new Base64encoder (); return Encoder.encode (MD5);} catch (NoSuchAlgorithmException e) {//TODO auto-generated catch Blocke.printstacktrace ();} return null;}}
/** * */package Red.hearing.eval.modules.token; Import Javax.servlet.http.HttpServletRequest; Import Org.apache.commons.lang3.StringUtils; /** * Token Tool class * @author zhous * @since 2018-2-23 14:01:41 * */public class Tokentools {/** * Generate token into session * @param r Equest * @param tokenserverkey */public static void Createtoken (HttpServletRequest request,string tokenserverkey) { String token = tokenproccessor.getinstance (). Maketoken (); Request.getsession (). SetAttribute (Tokenserverkey, token);} /** * Remove token * @param request * @param tokenserverkey */public static void Removetoken (HttpServletRequest request,string Tokenserverkey) {request.getsession (). removeattribute (Tokenserverkey);} /** * Determine if the token in the request parameter is consistent with the session * @param request * @param tokenclientkey * @param tokenserverkey * @return */public Stati C Boolean judgetokenisequal (HttpServletRequest request,string tokenclientkey,string tokenserverkey) {String Token_ Client = Request.getparameter (Tokenclientkey); if (Stringutils.isempty (token_client)) {return false;} String token_server = (string) request.getsession (). getattribute (Tokenserverkey); if (Stringutils.isempty (token_ Server) {return false;} if (!token_server.equals (token_client)) {return false;} return true;}}
The Java backend generates tokens (tokens) for validating clients and preventing duplicate submissions