防止表单重复提交主要用的到标签是<s: token />,拦截器 <interceptor-ref name="token" />,还有一个默认的返回值<result name="invalid.token">/input.jsp</result>
在页面加载时,<s: token />产生一个GUID(Globally Unique Identifier,全局唯一标识符)值的隐藏输入框如:
在页面加载时,<s: token />产生一个GUID(Globally Unique Identifier,全局唯一标识符)值的隐藏输入框如:
- <input type="hidden" name="struts.token.name" value="struts.token"/>
- <input type="hidden" name="struts.token" value="BXPNNDG6BB11ZXHPI4E106CZ5K7VNMHR"/>
同时,将GUID放到会话(session)中;在执行action之前,“token”拦截器将会话token与请求token比较,如果两者相同,则将会话中的token删除并往下执行,否则向actionErrors加入错误信息。如此一来,如果用户通过某种手段提交了两次相同的请求,两个token就会不同。
以下为action代码
import com.opensymphony.xwork2.ActionSupport;
public class TestAction extends ActionSupport {
private static final long serialVersionUID = 6820659617470261780L;
private String message;
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
@Override
public String execute() {
System.out.println( "Executing action, your message is " + message);
return SUCCESS;
}
}
public class TestAction extends ActionSupport {
private static final long serialVersionUID = 6820659617470261780L;
private String message;
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
@Override
public String execute() {
System.out.println( "Executing action, your message is " + message);
return SUCCESS;
}
}
再看看JSP的写法
<
%@ page
language
="java"
contentType
="text/html; charset=utf-8"
pageEncoding
="utf-8" %
>
< %@ taglib prefix ="s" uri ="/struts-tags" % >
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
< html xmlns ="http://www.w3.org/1999/xhtml" >
< head >
< title >struts2 test token </title>
< s:head />
</head>
< body >
< s:actionerror />
< s:form action ="testAction" >
< s:textfield name ="message" label ="Message" />
< s:token /> < %-- 注意这里--% >
< s:submit />
</s:form>
</body>
</html>
< %@ taglib prefix ="s" uri ="/struts-tags" % >
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
< html xmlns ="http://www.w3.org/1999/xhtml" >
< head >
< title >struts2 test token </title>
< s:head />
</head>
< body >
< s:actionerror />
< s:form action ="testAction" >
< s:textfield name ="message" label ="Message" />
< s:token /> < %-- 注意这里--% >
< s:submit />
</s:form>
</body>
</html>
下面是struts2的配置文件
<?
xml
version
="1.0"
encoding
="UTF-8"
?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
< struts >
< package name ="test" extends ="struts-default" namespace ="/testToken" >
< action name ="test" class ="com.fhx.TestAction" >
< result name ="invalid.token" >/input.jsp </ result >
< result >/input.jsp </ result >
< interceptor-ref name ="defaultStack" />
< interceptor-ref name ="token" />
</ action >
</ package >
</ struts >
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
< struts >
< package name ="test" extends ="struts-default" namespace ="/testToken" >
< action name ="test" class ="com.fhx.TestAction" >
< result name ="invalid.token" >/input.jsp </ result >
< result >/input.jsp </ result >
< interceptor-ref name ="defaultStack" />
< interceptor-ref name ="token" />
</ action >
</ package >
</ struts >
以上XML片段值注意的是加入了“token”拦截器和“invalid.token”结果,因为“token”拦截器在会话token与请求token不一致时,将会直接返回“invalid.token”结果。
本文转自chainli 51CTO博客,原文链接:http://blog.51cto.com/lichen/213143,如需转载请自行联系原作者
