1、思想,通过springmvc的自定义注解的方式,当请求过来给该请求设置一个uuid,当请求结束,uuid消除
2、springmvc中token拦截器配置
<!-- 拦截器配置,配置Token拦截器,防止用户重复提交数据 -->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.xxx.xxx.xxx.TokenInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* @author junkai.fan
* @date 2017/6/12
* 自定义注解,防止表单重复提交
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Token {
boolean save() default false;
boolean remove() default false;
}
4、自定义注解的逻辑
import java.lang.reflect.Method;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
* @author junkai.fan
* @date 2017/6/12
* 防止表单重复提交
*/
public class TokenInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
Token annotation = method.getAnnotation(Token.class);
if (annotation != null) {
boolean needSaveSession = annotation.save();
if (needSaveSession) {
request.getSession(false).setAttribute("token", UUID.randomUUID().toString());
}
boolean needRemoveSession = annotation.remove();
if (needRemoveSession) {
if (isRepeatSubmit(request)) {
return false;
}
request.getSession(false).removeAttribute("token");
}
}
return true;
} else {
return super.preHandle(request, response, handler);
}
}
private boolean isRepeatSubmit(HttpServletRequest request) {
String serverToken = (String) request.getSession(false).getAttribute("token");
if (serverToken == null) {
return true;
}
String clinetToken = request.getParameter("token");
if (clinetToken == null) {
return true;
}
if (!serverToken.equals(clinetToken)) {
return true;
}
return false;
}
}
5、自定义注解的使用
@RequestMapping(value = "addInit", method = RequestMethod.GET)
@Token(save=true)
public String addInit(Model model,HttpSession session){
return "/system/role/role_add";
}
<input type="hidden" name="token" value="${token}" />
7、在添加方法执行时可以将该token移除
@RequestMapping(value = "addRole", method = RequestMethod.POST)
@Token(remove=true)
public String addRole(RoleModel role,HttpSession session){
return "redirect:/system/role/main";
}