//定义注解类
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Token {
boolean save() default false;
boolean remove() default false;
}
//拦截器
import java.lang.reflect.Method;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
public class TokenInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = Logger.getLogger(Token.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println(handler instanceof HandlerMethod);
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
Token annotation = method.getAnnotation(Token.class);
if (annotation != null) {
boolean needSaveSession = annotation.save();
if (needSaveSession) {
request.getSession(true).setAttribute("token", UUID.randomUUID().toString());
}
boolean needRemoveSession = annotation.remove();
System.out.println(needRemoveSession+" ");
if (needRemoveSession) {
if (isRepeatSubmit(request)) {
LOG.warn("please don't repeat submit,url:"+ request.getServletPath());
return false;
}
request.getSession(true).removeAttribute("token");
}
}
return true;
} else {
return super.preHandle(request, response, handler);
}
}
private boolean isRepeatSubmit(HttpServletRequest request) {
String serverToken = (String) request.getSession(true).getAttribute("token");
System.out.println("serverToken:"+serverToken);
if (serverToken == null) {
return true;
}
String clinetToken = request.getParameter("token");
System.out.println("clinetToken"+clinetToken);
if (clinetToken == null) {
return true;
}
if (!serverToken.equals(clinetToken)) {
return true;
}
return false;
}
}
<!-- 拦截器的配置-->
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" /><bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter" ><property name="messageConverters"><list><ref bean="mappingJacksonHttpMessageConverter"
/> JSON转换器</list></property></bean>
//后台传输token到html前端
@RequestMapping("/token.do")
@Token(save=true)
public void saveData(HttpServletRequest request,HttpServletResponse response){
System.out.println("此方法为开始创建token,,如有数据提交前的方法直接加入注释@Token(save=true)就行");
}
//获取token返回到前台
@RequestMapping("/getToken.do")
@ResponseBody
@Token(save=true)
public Map<String,Object> getTkoen(HttpServletRequest request,HttpServletResponse response){
String serverToken = (String) request.getSession(true).getAttribute("token");
Map<String,Object> map=new HashMap<String, Object>();
map.put("serverToken", serverToken);
return map;
}
/*
*在数据提交接口加入@Token(remove=true)注释,ajax提交的时候把获取到的token返回,表单提交加入<input type="hidden" name="token" value="${token}" />
*/