Spring MVC拦截器+注解方式实现防止表单重复提交
详见:http://blog.yemou.net/article/query/info/tytfjhfascvhzxcyt335
原理:在新建页面中Session保存token随机码,当保存时验证,通过后删除,当再次点击保存时由于服务器端的Session中已经不存在了,所有无法验证通过。
1.新建注解:
|
/** * <p> * 防止重复提交注解,用于方法上<br/> * 在新建页面方法上,设置needSaveToken()为true,此时拦截器会在Session中保存一个token, * 同时需要在新建的页面中添加 * <input type="hidden" name="token" value="${token}"> * <br/> * 保存方法需要验证重复提交的,设置needRemoveToken为true * 此时会在拦截器中验证是否重复提交 * </p> * @author: chuanli * @date: 2013-6-27上午11:14:02 * */ @Target (ElementType.METHOD) @Retention (RetentionPolicy.RUNTIME) public @interface AvoidDuplicateSubmission { boolean needSaveToken() default false ; boolean needRemoveToken() default false ; } |
2. 新建拦截器
|
/** * <p> * 防止重复提交过滤器 * </p> * * @author: chuanli * @date: 2013-6-27上午11:19:05 */ public class AvoidDuplicateSubmissionInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = Logger.getLogger(AvoidDuplicateSubmissionInterceptor. class ); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { User user = UserUtil.getUser(); if (user != null ) { HandlerMethod handlerMethod = (HandlerMethod) handler; Method method = handlerMethod.getMethod();
if (annotation != null ) { boolean needSaveSession = annotation.needSaveToken(); if (needSaveSession) {
} boolean needRemoveSession = annotation.needRemoveToken(); if (needRemoveSession) { if (isRepeatSubmit(request)) { LOG.warn( "please don't repeat submit,[user:" + user.getUsername() + ",url:" + request.getServletPath() + "]" ); return false ; } request.getSession( false ).removeAttribute( "token" ); } } } return true ; } private boolean isRepeatSubmit(HttpServletRequest request) { String serverToken = (String) request.getSession( false ).getAttribute( "token" ); if (serverToken == null ) { return true ; } String clinetToken = request.getParameter( "token" ); if (clinetToken == null ) { return true ; } if (!serverToken.equals(clinetToken)) { return true ; } return false ; } } |
3. 在Spring中配置
|
< bean class = "org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" > < property name = "interceptors" > < list > < bean class = "com.sohu.tv.crm.aop.UserLogInterceptor" /> < bean class = "com.sohu.tv.crm.aop.AvoidDuplicateSubmissionInterceptor" /> </ list > </ property > </ bean > |
4. 在相关方法中加入注解:
|
@RequestMapping ( "/save" ) @AvoidDuplicateSubmission (needRemoveToken = true )
throws Exception { @RequestMapping ( "/edit" ) @AvoidDuplicateSubmission (needSaveToken = true ) public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception { |
5.在新建页面中加入
1
|
< input type = "hidden" name = "token" value = "${token}" > |