package cn.com.form;import java.io.IOException;import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;import java.util.Random;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import sun.misc.BASE64Encoder;//產生表單public class FormServlet extends HttpServlet {  private static final long serialVersionUID = 1L;  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    //產生隨機數    TokenProcessor tp=TokenProcessor.getInstance();    String token=tp.generateToken();    request.getSession().setAttribute("token", token);    request.getRequestDispatcher("/form.jsp").forward(request, response);  }  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    doGet(request,response);  }}class TokenProcessor//令牌{  /*   * 1.把構造函數私有   * 2.自己創建一個   * 3.對外暴露一個方法，允許獲取上面創建的對象   * */  private static final TokenProcessor instance=new TokenProcessor();  private TokenProcessor(){}  public static TokenProcessor getInstance()  {    return instance;  }  public String generateToken()  {    String token=System.currentTimeMillis()+new Random().nextInt()+"";    try {      MessageDigest md=MessageDigest.getInstance("md5");      byte[] md5=md.digest(token.getBytes());      //base64編碼      BASE64Encoder encoder=new BASE64Encoder();      return encoder.encode(md5);    } catch (NoSuchAlgorithmException e) {      // TODO Auto-generated catch block      throw new RuntimeException(e);    }  }}

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'form.jsp' starting page</title>  <meta http-equiv="pragma" content="no-cache">  <meta http-equiv="cache-control" content="no-cache">  <meta http-equiv="expires" content="0">   <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  <meta http-equiv="description" content="This is my page">  <!--  <link rel="stylesheet" type="text/css" href="styles.css">  --> </head> <body>   <form action="/Session/DoForm" method="post">     <input type="hidden" name="token" value="${token}">     用戶名：<input type="text" name="userName">     <input type="submit" value="提交">   </form> </body></html>

package cn.com.form;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * Servlet implementation class DoForm * 處理表單提交的請求 *  */public class DoForm extends HttpServlet {  private static final long serialVersionUID = 1L;  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    /*String userName=request.getParameter("userName");    try {      Thread.sleep(1000*3);    } catch (InterruptedException e) {      // TODO Auto-generated catch block      e.printStackTrace();    }    System.out.println("向數據庫提交注冊用戶...");    */    boolean b=isTokenValid(request);    if(!b)    {      System.out.println("請不要重復提交！");      return;    }    request.getSession().removeAttribute("token");    System.out.println("向數據庫中注冊用戶==");  }  private boolean isTokenValid(HttpServletRequest request) {    String client_token=request.getParameter("token");    if(client_token==null)    {      return false;    }    String server_token=(String)request.getSession().getAttribute("token");    if(server_token==null)    {      return false;    }    if(!client_token.equals(server_token))    {      return false;    }    return true;  }  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {    doGet(request,response);  }}