Java????????????
???????????? ???????[ 2012/9/21 10:23:12 ] ????????
????????????java???
????B/S????????????У????????????????????????????????????????????????????????????????????????????????п????????????????????????????????????????????????????????????????????????????????????????????????????????????
???????????
????1??????????е???Refresh/Reload/Back/Forward???????????Back??Submit?????????????reloading??????????
????2???????????????????????????????????????????????????????????????????(???????????)??
????3???ù?????й??????
?????????γ??·??
????1????basic filter??????????
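// Filter-level duplicate-submit guard (sketch). The "if (true)" is a placeholder:
// it must become "the request carries a token that is present in the session".
if (true) {
    // branch 1: first submission. Consume (remove/reset) the session token HERE,
    // before the request proceeds, so that a concurrent duplicate arriving a
    // moment later cannot pass the same check and also reach the action.
    chain.doFilter(request, response);
} else {
    // branch 2: token missing or already consumed -> duplicate (or replayed)
    // submission. Do NOT call chain.doFilter(); answer with an error page or a
    // redirect instead. Note that this guard only works if branch 1 actually
    // consumes the token; a purely client-side flag (see the JS variant) is
    // not enough, because a user can reload, go Back, or disable scripts.
}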
????2?????????????
????a?????????????/?????????
????b????js?????????????????????????????????????????ж?????????
// Page-level latch: true until the first submit attempt, false afterwards.
var flag = true;

// Client-side guard against double submits. The first call submits form1 and
// flips the latch; every later call (double-click, repeated Enter) is a no-op.
// This is a usability aid only: a Reload, Back+Submit, or disabled JavaScript
// gets a fresh page with `flag` reset, so the server-side token check must
// remain the authoritative defense against duplicate processing.
function checkForm() {
    if (!flag) {
        return;
    }
    flag = false;
    document.form1.submit();
}
????c??struts (webwork?????????????)
????//????????????????????????session?б?????????????input??????????????????
??????action?У?
????//
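// Token check inside the action. The submitted token is compared against the
// one stored in the session when the input page was rendered.
if (!isTokenValid(request)) {
    // duplicate, replayed or forged submission: record the error. The action
    // must then forward back to the input page and NOT execute its side effect.
    errors.add(ActionErrors.GLOBAL_ERROR,
            new ActionError("error.transaction.token"));
}
// Reset unconditionally (the original also called this outside the if, since it
// had no braces): a valid token is consumed on first use, an invalid one is
// cleared so the next page render can mint a fresh one.
// NOTE(review): check and reset are two separate steps, so two simultaneous
// requests carrying the same token can both pass isTokenValid() before either
// resets it. If the framework offers a validate-and-reset variant, prefer it.
resetToken(request);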
????action????????????????????????
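/**
 * Mints a fresh synchronizer token for the session behind {@code request}.
 *
 * <p>The token is the hex digest of the session id, the current time and
 * 16 bytes from {@link SecureRandom}. The random part is what the original
 * version lacked: digesting only id + currentTimeMillis is deterministic
 * within a millisecond, so two tokens generated for the same session in the
 * same millisecond (double-click, two tabs) were identical and could defeat
 * the duplicate-submit check. The token is never compared here; the caller's
 * isTokenValid does that.
 *
 * @param request the current request; a session is created if none exists
 * @return the hex-encoded token (via the sibling {@code toHex}), or
 *         {@code null} if the session is in an invalid state -- the original
 *         null-return contract is kept so callers that test for null still work
 * @throws IllegalStateException if SHA-256 is not available from the JCA,
 *         which the platform requires; surfaced with its cause instead of being
 *         swallowed into a silent null token as before
 */
protected String generateToken(HttpServletRequest request) {
    HttpSession session = request.getSession();
    try {
        byte[] id = session.getId().getBytes(StandardCharsets.UTF_8);
        byte[] now = Long.toString(System.currentTimeMillis())
                .getBytes(StandardCharsets.UTF_8);
        byte[] nonce = new byte[16];
        // NOTE(review): hoist the SecureRandom to a static field if this is hot.
        new SecureRandom().nextBytes(nonce);

        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(id);
        md.update(now);
        md.update(nonce);
        return toHex(md.digest());
    } catch (IllegalStateException e) {
        // kept from the original: callers treat null as "no token available"
        return null;
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("SHA-256 MessageDigest unavailable", e);
    }
}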
????d??????????????????????????????????????п????????????????????????form???????????????????????????????????????????????????????????????????????????????????????form????????Щ??????????????????????Щ??????????????????????????servlet???????????????????????
??????????(Synchronizer (or Dvu) Token)
???????????????????????form???????????????????????????????Session?У???????????????????????form?С??? form???????form?е????????Session?е???????????????form???????????????????????????????????????????????form??????????????????????????????????form????????????????е??????????????????????form???????????????????
??????????棬?????????????????????????????????????????????????????£?
??????????棬?????????????????????????????????????????????????????£?Session?е??????????????μ??????????????form??
?????????????????????????????Щ??????????????????????????????????????????磬??????????????????????A?????????У?????? A???????????B??C?????????????????????????????A?????????????????????????????????????????????????????????????????????????????????????????????
????e???????hidden???????????????????????????session??????ж?session??????
?????????????
????1????????????????????Form?????????????hidden???????????????page?????????ж??????????????????(?? struts????????);????????button?????????ж?(struts?к??????)??????????????????????hidden text????????????????????
????2????basic filter?и???????hidden text??ж????????????
????3??javascript???????????????????????????????ж??????????????????hidden text?????????????ù???????á?
??????
???·???
??????????????????