Session and Struts2
Following the guide from Struts2, we can get the session/request like this:
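
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import org.apache.struts2.StrutsStatics;
    import com.opensymphony.xwork2.ActionContext;
    import com.opensymphony.xwork2.ActionInvocation;
    import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

    public class ShoppingCartInterceptor extends AbstractInterceptor
    {
        private static final long serialVersionUID = 1L;

        @Override
        public String intercept(ActionInvocation invocation) throws Exception
        {
            ActionContext actionContext = invocation.getInvocationContext();
            // The raw servlet request is stored in the ActionContext under StrutsStatics.HTTP_REQUEST
            HttpServletRequest request = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
            // Struts2 exposes the HTTP session as a Map
            Map<String, Object> session = actionContext.getSession();
            if (this.isShoppingCartEmpty(request, session))
            {
                return invocation.invoke();
            }
            else
            {
                return ActionConstants.GLOBEL_SHOPPING_CART;
            }
        }
        ...snip...
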
But sometimes, when we continuously click the link to xxx.do, we see (Aborted) in Firefox Firebug. I have a session fixation security filter that invalidates the old session for this xxx.do and writes the jsession id back to the cookie using HttpServletRequestWrapper.
That is the problem: once (Aborted) shows up in Firebug, my session data is lost.
Finally, I changed the session fixation implementation as follows: do not invalidate the old session immediately, just wait 90 seconds.

    import java.util.Enumeration;
    import java.util.HashMap;
    import java.util.Iterator;
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    // "log" is the enclosing class's logger (its declaration is not shown here)
    public static void startNewSessionIfRequired(HttpServletRequest request, HttpServletResponse response,
            boolean migrateSessionAttributes) {
        // map to hold all the parameters
        HashMap<String, Object> attributesToMigrate = null;
        // get session, use false, if no session, do not create one here
        HttpSession oldSession = request.getSession(false);
        if (oldSession == null) {
            // if no session, there is nothing we need to do here
            return;
        }
        String originalSessionId = oldSession.getId();
        if (log.isDebugEnabled()) {
            log.debug("Invalidating session with Id '" + originalSessionId
                    + "' " + (migrateSessionAttributes ? "and" : "without")
                    + " migrating attributes.");
        }
        // save the attributes in map
        if (migrateSessionAttributes) {
            attributesToMigrate = new HashMap<String, Object>();
            Enumeration<?> enumer = oldSession.getAttributeNames();
            while (enumer.hasMoreElements()) {
                String key = (String) enumer.nextElement();
                attributesToMigrate.put(key, oldSession.getAttribute(key));
            }
        }
        // do not kill the old session; let it expire after 90 seconds of inactivity
        //oldSession.invalidate();
        oldSession.setMaxInactiveInterval(90);
        // we use true here to create a new session
        // Note: the standard HttpServletRequest.getSession(true) returns the request's current
        // session while it is still valid, so a different session is returned here only if the
        // request wrapper in use overrides getSession.
        HttpSession newSession = request.getSession(true);
        if (log.isDebugEnabled()) {
            log.debug("Started new session: " + newSession.getId());
        }
        // migrate the attribute to new session
        if (attributesToMigrate != null) {
            Iterator<?> iter = attributesToMigrate.entrySet().iterator();
            while (iter.hasNext()) {
                Map.Entry<?, ?> entry = (Map.Entry<?, ?>) iter.next();
                newSession.setAttribute((String) entry.getKey(), entry.getValue());
            }
        }
    }

This is not a good solution, but it works fine.
Oh, no, it works fine for only one store. The other stores are bad.
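
Added example, not the author's code: the standard `HttpServletRequest.getSession(true)` returns the request's current session while that session is still valid, so rotating the session ID needs either `changeSessionId()` (Servlet 3.1+) or invalidate-then-recreate. The class and method names are hypothetical, and the helper assumes rotation happens once at login rather than on every request, so ordinary page requests (including aborted ones) never change the ID.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical helper (added example); compile against the Servlet 3.1 API.
public final class SessionIdRotation {
    private SessionIdRotation() {
    }

    /** Call once, right after the user has authenticated; returns the session to use from then on. */
    public static HttpSession rotateOnLogin(HttpServletRequest request) {
        HttpSession current = request.getSession(false);
        if (current == null) {
            // No pre-login session exists, so there is no pre-set ID to replace.
            return request.getSession(true);
        }
        ServletContext ctx = current.getServletContext();
        boolean servlet31 = ctx.getMajorVersion() > 3
                || (ctx.getMajorVersion() == 3 && ctx.getMinorVersion() >= 1);
        if (servlet31) {
            // New ID, same HttpSession object: attributes stay in place, nothing to migrate.
            request.changeSessionId();
            return current;
        }
        // Older container: copy the attributes, invalidate, then create the replacement.
        Map<String, Object> saved = new HashMap<String, Object>();
        Enumeration<String> names = current.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            saved.put(name, current.getAttribute(name));
        }
        // Without invalidate(), getSession(true) would hand back the same session and ID.
        current.invalidate();
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}
```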

    <!-- struts.xml, inside the action mapping -->
    <interceptor-ref name="token" />
    <result name="invalid.token">/token/submit.jsp</result>

    <!-- JSP page: the form carries the token -->
    <s:form action="../order/fetchprice.do" method="post" id="priceLoadingForm">
        <s:token/>
        <p><a href="###" onclick="return submitLoading();"><s:text name="FETCH_REFRESH_LINK_TEXT"/></a></p>
    </s:form>

Even this code does not make me sure either.
Try the JavaScript way to avoid the repeated submit:

    <script type="text/javascript">
    // Counts submit attempts for this page load; only the first one is sent
    var submit = 0;
    function CheckIsRepeat()
    {
        if (++submit > 1)
        {
            return false;
        }
        var form = document.getElementById("loadingForm");
        form.submit();
        return true;
    }
    </script>
    <!-- page title -->
    <div id="content">
        <p><s:text name="FETCH_PRICE_LOADING_CONTENT"/></p>
        <div class="heightc"></div>
        <form action="../order/fetchprice.do" id="loadingForm">
        </form>
        <p><a href="###" onclick="CheckIsRepeat(); return false;">Link</a></p>
    </div>

It works, but there is plenty of work to do.