Java????????????
???????????? ???????[ 2012/9/21 10:23:12 ] ????????
????????????java???
????B/S????????????校????????????????????????????????????????????????????????????????????????????????锌????????????????????????????????????????????????????????????????????????????????????????????????????????????
???????????
????1??????????械???Refresh/Reload/Back/Forward???????????Back??Submit?????????????reloading??????????
????2???????????????????????????????????????????????????????????????????(???????????)??
????3???霉?????泄??????
?????????纬??路??
????1????basic filter??????????
????if(true){//????1?????????????????
??????..
????chain.doFilter(request??response);
????}else{
????//????2???????????????????????????
????}
????2?????????????
????a?????????????/?????????
????b????js?????????????????????????????????????????卸?????????
// Client-side guard against double submission: the first call submits
// form1, every later call (repeat click before the page unloads) is ignored.
var flag = true;

function checkForm() {
    // A submit is already in flight – swallow the repeat click.
    if (flag === false) {
        return;
    }
    flag = false;
    document.form1.submit();
}
????c??struts (webwork?????????????)
????//????????????????????????session?斜?????????????input??????????????????
??????action?校?
????//
????if (!isTokenValid(request))
????errors.add(ActionErrors.GLOBAL_ERROR??
????new ActionError(“error.transaction.token”));
????resetToken(request); //???session?械?????
????action????????????????????????
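/**
 * Generates a fresh synchronizer (anti-resubmit) token for the caller to store
 * in the session.
 *
 * <p>The token is 16 bytes from a cryptographically secure random source,
 * hex-encoded with {@code toHex}. The previous implementation derived it from
 * MD5(sessionId + System.currentTimeMillis()); both inputs are weak secrets —
 * the session id is already held by the browser and the timestamp has only a
 * few bits of uncertainty — so such a token could be reconstructed rather than
 * guessed. A random value has no such structure, and no digest is needed.
 *
 * @param request the current request; as before, a session is created if none
 *                exists, so the caller can save the token into it
 * @return the hex token, or {@code null} when the servlet container refuses to
 *         hand out a session ({@link IllegalStateException}); the null return
 *         is kept for compatibility with existing callers
 */
protected String generateToken(HttpServletRequest request) {
    try {
        // Keep the session-creating side effect the callers depend on; the
        // token itself no longer needs anything from the session.
        HttpSession session = request.getSession();
        byte[] nonce = new byte[16];
        // Fully qualified so no new import is needed in this file.
        new java.security.SecureRandom().nextBytes(nonce);
        return toHex(nonce);
    } catch (IllegalStateException e) {
        // Same contract as before: no usable session, no token.
        return null;
    }
}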
????d??????????????????????????????????????锌????????????????????????form???????????????????????????????????????????????????????????????????????????????????????form????????些??????????????????????些??????????????????????????servlet???????????????????????
??????????(Synchronizer (or Dvu) Token)
???????????????????????form???????????????????????????????Session?校???????????????????????form?小??? form???????form?械????????Session?械???????????????form???????????????????????????????????????????????form??????????????????????????????????form????????????????械??????????????????????form???????????????????
??????????妫�?????????????????????????????????????????????????????锟�?
??????????妫�?????????????????????????????????????????????????????锟�?Session?械??????????????渭??????????????form??
?????????????????????????????些??????????????????????????????????????????纾�??????????????????????A?????????校?????? A???????????B??C?????????????????????????????A?????????????????????????????????????????????????????????????????????????????????????????????
????e???????hidden???????????????????????????session??????卸?session??????
?????????????
????1????????????????????Form?????????????hidden???????????????page?????????卸??????????????????(?? struts????????);????????button?????????卸?(struts?泻??????)??????????????????????hidden text????????????????????
????2????basic filter?懈???????hidden text??卸????????????
????3??javascript???????????????????????????????卸??????????????????hidden text?????????????霉???????谩?
??????
