spring mvc防止表单重复提交的代码片段

时间:2024-04-19 22:34:33

1.定义一个token接口

 package com.bigbigrain.token;

 import java.lang.annotation.Documented;

 import java.lang.annotation.Retention;

 import java.lang.annotation.Target;

 import java.lang.annotation.ElementType;

 import java.lang.annotation.RetentionPolicy;

 @Target({ElementType.METHOD})

 @Retention(RetentionPolicy.RUNTIME)

 @Documented

 public @interface Token {

  boolean save() default false;

     boolean remove() default false;

 }

2.实现拦截器

 package com.bigbigrain.token;

 import java.lang.reflect.Method;

 import java.util.UUID;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import org.apache.log4j.Logger;

 import org.springframework.web.method.HandlerMethod;

 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

 public class TokenInterceptor extends HandlerInterceptorAdapter {

     private static final Logger LOG = Logger.getLogger(Token.class);

     @Override

     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

         if (handler instanceof HandlerMethod) {

             HandlerMethod handlerMethod = (HandlerMethod) handler;

             Method method = handlerMethod.getMethod();

             Token annotation = method.getAnnotation(Token.class);

             if (annotation != null) {

                 boolean needSaveSession = annotation.save();

                 if (needSaveSession) {

                     request.getSession(true).setAttribute("token", UUID.randomUUID().toString());

                 }

                 boolean needRemoveSession = annotation.remove();

                 if (needRemoveSession) {

                     if (isRepeatSubmit(request)) {

                          LOG.warn("please don't repeat submit,url:"+ request.getServletPath());

                         return false;

                     }

                     request.getSession(true).removeAttribute("token");

                 }

             }

             return true;

         } else {

             return super.preHandle(request, response, handler);

         }

     }

     private boolean isRepeatSubmit(HttpServletRequest request) {

         String serverToken = (String) request.getSession(true).getAttribute("token");

         if (serverToken == null) {

             return true;

         }

         String clinetToken = request.getParameter("token");

         if (clinetToken == null) {

             return true;

         }

         if (!serverToken.equals(clinetToken)) {

             return true;

         }

         return false;

     }

 }

3.配置文件配置

 ~<!-- 拦截器配置 -->

 <mvc:interceptors>

         <!-- 配置Token拦截器,防止用户重复提交数据 -->

         <mvc:interceptor>

             <mvc:mapping path="/**"/><!--这个地方时你要拦截得路径 我这个意思是拦截所有得URL-->

             <bean class="com.dinfo.interceptor.TokenInterceptor"/><!--class文件路径改成你自己写得拦截器路径!! -->

         </mvc:interceptor>

 </mvc:interceptors>
4.在跳转需要生成token页面的controller的方法加上注解~@Token(save=true);页面加上~<input type="hidden" name="token" value="${token}" />;在页面提交处理方法上加上~@Token(remove=true)注解

===========》》》》》

相关文章