Spring MVC拦截器+注解方式实现防止表单重复提交

详见:http://blog.yemou.net/article/query/info/tytfjhfascvhzxcyt335

原理:在新建页面中Session保存token随机码,当保存时验证,通过后删除,当再次点击保存时由于服务器端的Session中已经不存在了,所有无法验证通过。

1.新建注解:

 

?

 
/**
 * <p>
 * 防止重复提交注解,用于方法上<br/>
 * 在新建页面方法上,设置needSaveToken()为true,此时拦截器会在Session中保存一个token,
 * 同时需要在新建的页面中添加
 * <input type="hidden" name="token" value="${token}">
 * <br/>
 * 保存方法需要验证重复提交的,设置needRemoveToken为true
 * 此时会在拦截器中验证是否重复提交
 * </p>
 * @author: chuanli
 * @date: 2013-6-27上午11:14:02
 *
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AvoidDuplicateSubmission {
    boolean needSaveToken() default false;
    boolean needRemoveToken() default false;
}

 

 

2. 新建拦截器

 

?

 
/**
 * <p>
 * 防止重复提交过滤器
 * </p>
 *
 * @author: chuanli
 * @date: 2013-6-27上午11:19:05
 */
public class AvoidDuplicateSubmissionInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOG = Logger.getLogger(AvoidDuplicateSubmissionInterceptor.class);
 
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
 
        User user = UserUtil.getUser();
        if (user != null) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Method method = handlerMethod.getMethod();
 

            AvoidDuplicateSubmission annotation = method.getAnnotation(

                                                        AvoidDuplicateSubmission.class);

            if (annotation != null) {
                boolean needSaveSession = annotation.needSaveToken();
                if (needSaveSession) {

                    request.getSession(false).setAttribute("token"

                          TokenProcessor.getInstance().generateToken());

                }
 
                boolean needRemoveSession = annotation.needRemoveToken();
                if (needRemoveSession) {
                    if (isRepeatSubmit(request)) {
                        LOG.warn("please don't repeat submit,[user:" + user.getUsername() + ",url:"
                                + request.getServletPath() + "]");
                        return false;
                    }
                    request.getSession(false).removeAttribute("token");
                }
            }
        }
        return true;
    }
 
    private boolean isRepeatSubmit(HttpServletRequest request) {
        String serverToken = (String) request.getSession(false).getAttribute("token");
        if (serverToken == null) {
            return true;
        }
        String clinetToken = request.getParameter("token");
        if (clinetToken == null) {
            return true;
        }
        if (!serverToken.equals(clinetToken)) {
            return true;
        }
        return false;
    }
 
}
   

 

 

3. 在Spring中配置

 

?

 
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
   <property name="interceptors">
      <list>
          <bean class="com.sohu.tv.crm.aop.UserLogInterceptor"/>
          <bean class="com.sohu.tv.crm.aop.AvoidDuplicateSubmissionInterceptor"/>
      </list>
   </property>
 
</bean>

 

4. 在相关方法中加入注解:

 

?

 
@RequestMapping("/save")
 @AvoidDuplicateSubmission(needRemoveToken = true)

    public synchronized ModelAndView save(ExecutionUnit unit, HttpServletRequest request, 

                                          HttpServletResponse response)

            throws Exception {
 
@RequestMapping("/edit")
    @AvoidDuplicateSubmission(needSaveToken = true)
    public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception {
   

 

5.在新建页面中加入

1
     <input type="hidden" name="token" value="${token}">

posted on 2016-11-22 11:23  grefr  阅读(5181)  评论(0编辑  收藏  举报

导航