Spring MVC拦截器+注解方式实现防止表单重复提交

原理:在新建页面中Session保存token随机码,当保存时验证,通过后删除,当再次点击保存时由于服务器端的Session中已经不存在了,所有无法验证通过。
 

1.新建注解:

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
/**
  * <p>
  * 防止重复提交注解,用于方法上<br/>
  * 在新建页面方法上,设置needSaveToken()为true,此时拦截器会在Session中保存一个token,
  * 同时需要在新建的页面中添加
  * <input type="hidden" name="token" value="${token}">
  * <br/>
  * 保存方法需要验证重复提交的,设置needRemoveToken为true
  * 此时会在拦截器中验证是否重复提交
  * </p>
  * @author: chuanli
  * @date: 2013-6-27上午11:14:02
  *
  */
@Target (ElementType.METHOD)
@Retention (RetentionPolicy.RUNTIME)
public @interface AvoidDuplicateSubmission {
     boolean needSaveToken() default false ;
     boolean needRemoveToken() default false ;
}

 

 

2. 新建拦截器

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/**
  * <p>
  * 防止重复提交过滤器
  * </p>
  *
  * @author: chuanli
  * @date: 2013-6-27上午11:19:05
  */
public class AvoidDuplicateSubmissionInterceptor extends HandlerInterceptorAdapter {
     private static final Logger LOG = Logger.getLogger(AvoidDuplicateSubmissionInterceptor. class );
 
     @Override
     public boolean preHandle(HttpServletRequest request,
             HttpServletResponse response, Object handler) throws Exception {
 
         User user = UserUtil.getUser();
         if (user != null ) {
             HandlerMethod handlerMethod = (HandlerMethod) handler;
             Method method = handlerMethod.getMethod();
 
             AvoidDuplicateSubmission annotation = method.getAnnotation(AvoidDuplicateSubmission. class );
             if (annotation != null ) {
                 boolean needSaveSession = annotation.needSaveToken();
                 if (needSaveSession) {
                     request.getSession( false ).setAttribute( "token" , TokenProcessor.getInstance().generateToken());
                 }
 
                 boolean needRemoveSession = annotation.needRemoveToken();
                 if (needRemoveSession) {
                     if (isRepeatSubmit(request)) {
                         LOG.warn( "please don't repeat submit,[user:" + user.getUsername() + ",url:"
                                 + request.getServletPath() + "]" );
                         return false ;
                     }
                     request.getSession( false ).removeAttribute( "token" );
                 }
             }
         }
         return true ;
     }
 
     private boolean isRepeatSubmit(HttpServletRequest request) {
         String serverToken = (String) request.getSession( false ).getAttribute( "token" );
         if (serverToken == null ) {
             return true ;
         }
         String clinetToken = request.getParameter( "token" );
         if (clinetToken == null ) {
             return true ;
         }
         if (!serverToken.equals(clinetToken)) {
             return true ;
         }
         return false ;
     }
 
}

 

 

3. 在Spring中配置

 

?
1
2
3
4
5
6
7
8
9
< bean class = "org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" >
    < property name = "interceptors" >
       < list >
           < bean class = "com.sohu.tv.crm.aop.UserLogInterceptor" />
           < bean class = "com.sohu.tv.crm.aop.AvoidDuplicateSubmissionInterceptor" />
       </ list >
    </ property >
 
</ bean >

 

 

4. 在相关方法中加入注解:

 

?
1
2
3
4
5
6
7
8
@RequestMapping ( "/save" )
  @AvoidDuplicateSubmission (needRemoveToken = true )
     public synchronized ModelAndView save(ExecutionUnit unit, HttpServletRequest request, HttpServletResponse response)
             throws Exception {
 
@RequestMapping ( "/edit" )
     @AvoidDuplicateSubmission (needSaveToken = true )
     public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception {

 

5.在新建页面中加入
                <input type="hidden" name="token" value="${token}">
 
 

你可能感兴趣的:(spring mvc)