Custom JSP taglib lets you check out delay for postback. The idea is very simple: you can add timestamp to your HTML forms on the rendering stage and use that value for the calculation during the postback processing. Why do we need (or may need) that? At the first hand you can implement a profiling in your web applications. And the second (and probably more interesting) solution is spam
bot detection. Humans cannot submit forms too fast. So if the delay between form rendering (request) and postback is too small
than it is very likely that this form was submitted by some software robot. Of course it is heuristic algorithm but it will work.
Sure, some artificial delay could be easily added to the bot, but that will cause the delay
for the bot itself.
For example:
<%@ taglib uri="taglib.tld" prefix="d" %> <% if ("POST".equalsIgnoreCase(request.getMethod())) { %> <d:getPostbackDelay scope="application"/> <% } %> <form method="post"> <input type="text" name="comment"> <d:setTimeStamp scope="application"/> <input type="submit"> </form> Here tag setTimeStamp adds a hidden field to your form and saves time stamp in the application scope. Tag getPostbackDelay prints calculated delay (in milliseconds). You can save time stamp in the global scope or in the session scope (on per user basic). Within your JSP page you can directly set the minimal required delay. E.g.:
<d:minPostbackDelay scope="application" delay="800"/>
Here tag minPostbackDelay will return error code 503 (not allowed) for request with postback delay in less than 800 milliseconds. If you are processing HTTP requests in servlet you can use the following call:
long com.cj.postback.Util.getPostbackDelay(ServletContext context, HttpServletRequest req, String scope)
If time stamp does not exist in the request or could not be found on the server side than returned delay will be 0. Tags are: setTimeStamp Tag adds a hidden field to your form for the future postback delay calculation. Parameters are: 1) scope Optional attribute. Describes a scope. Possible values are session or application.
Default value is session.
getPostbackDelay Tag calculates the delay (milliseconds) for postback. Prints (returns) 0 if this value could not be calculated. Parameters are: 1) scope Optional attribute. Describes a scope. Possible values are session or application.
Default value is session.
minPostbackDelay Body tag sets a minimal allowed delay (in milliseconds). For the smallest delay tag interrupts request and sets error code 503 (if body is empty) or redirects to the URL provided in tag's body. Parameters are: 1) delay Describes a minimal delay (in milliseconds).
for downloading: Library: postbackdelaytag.jar Description: taglib.tld See also Coldtags suite - the largest collection of custom JSP tags.
|
Also in Coldtags:
|