防止表单重复提交
自定义注解
package com.abke.pay.config.annotation;
import java.lang.annotation.*;
/**
 * Marks a controller handler for the one-time form-token guard applied by the
 * request interceptor.
 *
 * <p>{@code create = true} asks the interceptor to issue a fresh token into the
 * HTTP session before the handler runs; {@code remove = true} asks it to require
 * a matching {@code reqToken} request parameter and to consume the session token.
 * Both flags default to {@code false}, in which case the annotation is inert.
 *
 * @author liouwb
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface RequestToken {

    /** Require and consume the session token (form submission endpoints). */
    boolean remove() default false;

    /** Issue a new session token (form entry endpoints). */
    boolean create() default false;
}
表单使用
package com.abke.pay.controller;
import com.abke.pay.config.annotation.RequestToken;
import com.abke.pay.config.exception.RequestParamsValidException;
import com.abke.pay.entity.req.SubmitReq;
import com.abke.pay.entity.req.TestReq;
import com.abke.pay.entity.resp.BasicResp;
import com.abke.pay.service.TestService;
import com.abke.pay.utils.RequestParamsValidUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.validation.Valid;
/**
 * Demo endpoints exercising the {@link RequestToken} double-submit guard.
 *
 * <p>{@code testForm} carries {@code create = true}, so the interceptor stores a
 * fresh token in the session before it runs; {@code testPost} carries
 * {@code remove = true}, so the interceptor rejects it unless the request's
 * {@code reqToken} parameter equals the session token, which it then consumes.
 *
 * @author liouwb
 */
@RestController
@RequestMapping("test")
@Api(tags = "测试", produces = MediaType.APPLICATION_JSON_VALUE)
public class TestController {

    @Autowired
    private TestService testService;

    /** Plain probe endpoint; no token handling. */
    @ApiOperation(value = "测试")
    @GetMapping("test")
    public BasicResp test() {
        return new BasicResp("0000", "success", "test");
    }

    /**
     * Form entry point: the interceptor has already placed a new token in the session.
     *
     * NOTE(review): nothing visible here hands that token back to the client —
     * confirm that {@code testReq}/{@code BasicResp} exposes it, otherwise a later
     * {@code testPost} has no {@code reqToken} to send and is always rejected.
     */
    @ApiOperation(value = "测试进入表单页面")
    @PostMapping("testForm")
    @RequestToken(create = true)
    public BasicResp testForm(@Valid TestReq req, BindingResult result) throws RequestParamsValidException {
        RequestParamsValidUtil.validParams(result);
        return testService.testReq(req);
    }

    /** Form submission: only reached when the interceptor accepted the {@code reqToken} parameter. */
    @ApiOperation(value = "测试post提交")
    @PostMapping("testPost")
    @RequestToken(remove = true)
    public BasicResp testPost(@Valid SubmitReq req, BindingResult result) throws RequestParamsValidException {
        RequestParamsValidUtil.validParams(result);
        return testService.submitReq(req);
    }
}
验证
package com.abke.pay.config.interceptor;
import com.abke.pay.config.annotation.RequestToken;
import com.abke.pay.utils.exception.TokenException;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
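/**
 * Handler interceptor that (1) gates every non-preflight request on the
 * {@code permission-key} header and (2) enforces the one-time form token declared
 * with {@link RequestToken}.
 *
 * <p>Both checks reject by throwing {@link TokenException}; {@link #preHandle}
 * returns {@code true} only when both pass.
 *
 * @author liouwb
 */
@Component
@Slf4j
public class AuthoriseInterceptor implements HandlerInterceptor {

    /** Session attribute holding the one-time form token. */
    private static final String TOKEN_ATTRIBUTE = "request-token";
    /** Request parameter in which the client echoes the token back. */
    private static final String TOKEN_PARAMETER = "reqToken";
    /** Header carrying the caller's system permission key. */
    private static final String PERMISSION_HEADER = "permission-key";

    /**
     * Runs the permission check first, then the double-submit check.
     *
     * @return {@code true} to let the handler run
     * @throws TokenException when the permission key is rejected or the form token
     *                        is missing, mismatched or already consumed
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Order matters: an unauthorised caller must not be able to issue or consume tokens.
        accessReq(request, handler);
        singleReq(request, handler);
        return true;
    }

    /**
     * System access check based on the {@code permission-key} header.
     *
     * <p>CORS preflight ({@code OPTIONS}) requests cannot carry custom headers and
     * are let through untouched.
     *
     * @return {@code true} when the request may proceed
     * @throws TokenException when the header is absent or rejected
     */
    private boolean accessReq(HttpServletRequest request, Object handler) throws TokenException {
        if (HttpMethod.OPTIONS.matches(request.getMethod())) {
            return true;
        }
        String permissionKey = request.getHeader(PERMISSION_HEADER);
        // The key is a credential: log only whether it was present, never its value.
        if (StringUtils.isEmpty(permissionKey)) {
            log.info("permission-key header missing, rejecting request");
            throw new TokenException("没有访问权限");
        }
        // TODO(security): placeholder check, behaviour kept as found. It rejects only the
        // literal "123456" and accepts ANY other non-empty header value, so this interceptor
        // currently authorises nothing (if the condition was meant to be negated, the expected
        // key is a hard-coded literal instead). Load the expected key from configuration and
        // compare with MessageDigest.isEqual before relying on this for access control.
        if ("123456".equals(permissionKey)) {
            log.info("permission-key header rejected");
            throw new TokenException("没有访问权限");
        }
        return true;
    }

    /**
     * Issues or consumes the one-time form token for handlers annotated with {@link RequestToken}.
     *
     * <p>{@code create} takes precedence over {@code remove} when both are set. Handlers that
     * are not {@link HandlerMethod}s, or carry no annotation, are left alone.
     *
     * @return {@code true} when the request may proceed
     * @throws TokenException on a missing, mismatched or already-consumed token
     */
    private boolean singleReq(HttpServletRequest request, Object handler) throws TokenException {
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        Method handlerMethod = ((HandlerMethod) handler).getMethod();
        RequestToken annotation = handlerMethod.getAnnotation(RequestToken.class);
        if (annotation == null) {
            return true;
        }
        HttpSession session = request.getSession();
        if (annotation.create()) {
            // UUID.randomUUID() is backed by SecureRandom, so the token is unguessable.
            // One token per session: issuing a new one overwrites any earlier, unsubmitted one.
            String token = UUID.randomUUID().toString().replace("-", "");
            session.setAttribute(TOKEN_ATTRIBUTE, token);
            // The token is a one-time secret; record that one was issued, not its value.
            log.info("form token issued");
            return true;
        }
        if (annotation.remove()) {
            // Check-and-remove must be atomic: two concurrent submissions carrying the same
            // token (e.g. a double-click) could otherwise both pass the check before either
            // removes it. If the container does not hand out the same HttpSession object for
            // every request, use Spring's WebUtils.getSessionMutex(session) as the lock instead.
            synchronized (session) {
                if (isRepeatSubmit(request)) {
                    log.warn("表单不能重复提交:" + request.getRequestURL());
                    throw new TokenException("表单不能重复提交");
                }
                session.removeAttribute(TOKEN_ATTRIBUTE);
            }
        }
        return true;
    }

    /**
     * Whether the submitted token fails to match the session's token.
     *
     * @param request the submission
     * @return {@code true} when there is no session, no session token, no
     *         {@code reqToken} parameter, or the two values differ
     */
    private boolean isRepeatSubmit(HttpServletRequest request) {
        // Don't create a session just to discover it holds no token.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return true;
        }
        String sessionToken = (String) session.getAttribute(TOKEN_ATTRIBUTE);
        String reqToken = request.getParameter(TOKEN_PARAMETER);
        if (sessionToken == null || reqToken == null) {
            return true;
        }
        // Constant-time comparison so the token cannot be recovered byte by byte via timing.
        return !MessageDigest.isEqual(
                sessionToken.getBytes(StandardCharsets.UTF_8),
                reqToken.getBytes(StandardCharsets.UTF_8));
    }
}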