public class TokenValidInterceptor implements HandlerInterceptor {
private static final Log LOG = LogFactory.getLog(TokenValidInterceptor.class);
/**
 * Creates the interceptor. No state is initialised here.
 */
public TokenValidInterceptor() {
    // Nothing to set up.
}
/**
 * Completion callback of the interceptor; deliberately a no-op.
 *
 * @param arg0 the current request (unused)
 * @param arg1 the current response (unused)
 * @param arg2 the handler object (unused)
 * @param arg3 the exception passed to the callback, if any (unused)
 * @throws Exception declared by the signature; this implementation never throws
 */
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
        throws Exception {
    // Intentionally empty: the duplicate-submission logic of this class lives in preHandle.
}
/**
 * Post-handler callback of the interceptor; deliberately a no-op.
 *
 * @param arg0 the current request (unused)
 * @param arg1 the current response (unused)
 * @param arg2 the handler object (unused)
 * @param arg3 the model and view passed to the callback (unused)
 * @throws Exception declared by the signature; this implementation never throws
 */
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
        throws Exception {
    // Intentionally empty: the duplicate-submission logic of this class lives in preHandle.
}
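/**
 * Duplicate-submission guard for the order form.
 *
 * <p>The request is first checked with {@code TokenHandler.validToken}. Independently of
 * that result, an MD5 fingerprint of the request parameters is computed, stored in the
 * session under {@code "SPRINGMVC.ORDER.FORM"}, and exposed to later code as the request
 * attribute {@code "orderRepeatedMd5"} (session id + fingerprint).
 *
 * <p>Outcome by case:
 * <ul>
 *   <li>token valid: fingerprint stored, request proceeds;</li>
 *   <li>token invalid, no fingerprint in the session: treated as a new request, proceeds;</li>
 *   <li>token invalid, fingerprint differs from the stored one: treated as a new order,
 *       proceeds;</li>
 *   <li>token invalid, fingerprint equal, order id found in the cache: redirect to the
 *       order detail page and stop the chain;</li>
 *   <li>token invalid, fingerprint equal, no order id yet: proceeds (a duplicate order is
 *       possible, see the comment on that branch).</li>
 * </ul>
 *
 * <p>NOTE(review): a failed token check never rejects a request on its own; every
 * token-invalid path except the redirect returns {@code true}. If the token is also meant
 * to act as a CSRF defence (not visible in this class), it is not enforced here and must
 * be enforced elsewhere.
 *
 * @param request  the current request; its parameters are fingerprinted
 * @param response the current response; used for the redirect and by the session helpers
 * @param object   the handler object (unused)
 * @return {@code true} to continue the handler chain; {@code false} after a redirect or
 *         when the fingerprint could not be computed
 * @throws Exception anything thrown by the helpers other than
 *         {@code NoSuchAlgorithmException}, which is logged and turned into {@code false}
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
    String md5;
    if (!TokenHandler.validToken(request, response)) {
        // Token validation failed, so this is possibly a repeated request.
        try {
            // Fingerprint of the current request's parameters.
            md5 = this.getParamMd5(request);
            // The token failed, so an earlier request has most likely stored its fingerprint
            // in the session already; look it up.
            Object oldmd5 = ServletUtil.getSession(request, response, "SPRINGMVC.ORDER.FORM");
            if (oldmd5 == null) {
                // Token validation failed, but there is no earlier fingerprint to compare with,
                // so the request is treated as not repeated and is let through.
                LOG.info("重复提交,获取原来的Md5失败");
                // Remember this request's fingerprint in the session.
                ServletUtil.putSession(request, response, "SPRINGMVC.ORDER.FORM", md5);
                request.setAttribute("orderRepeatedMd5", ServletUtil.getLvSessionId(request, response) + md5);
                return true;
            } else if (!oldmd5.equals(md5)) {
                // Token validation failed, but the fingerprint differs from the stored one,
                // so this is treated as a different (new) order.
                LOG.info("重复提交,生成的md5不同,生成新订单");
                // The stored fingerprint is refreshed only when no "pic_checkCode" parameter
                // was sent; the request proceeds either way.
                // NOTE(review): the log text says the captcha is correct, but this code only
                // tests that the parameter is absent - confirm where the captcha is verified.
                if (!request.getParameterMap().containsKey("pic_checkCode")) {
                    LOG.info("重复提交,订单验证码正确");
                    request.setAttribute("orderRepeatedMd5", ServletUtil.getLvSessionId(request, response) + md5);
                    ServletUtil.putSession(request, response, "SPRINGMVC.ORDER.FORM", md5);
                }
                return true;
            } else {
                // Same fingerprint as the stored one: this is a repeated request.
                LOG.info("重复提交,生成的md5相同,直接跳转");
                ServletUtil.putSession(request, response, "SPRINGMVC.ORDER.FORM", md5);
                // Order creation associates (session id + fingerprint) with the order id; if an
                // order id already exists, send the user to its detail page.
                Long orderId = (Long) MemcachedUtil.getInstance().get(ServletUtil.getLvSessionId(request, response) + md5);
                if (orderId != null) {
                    String path = request.getContextPath();
                    // NOTE(review): the redirect target only carries the order id; whether the
                    // caller may view that order has to be checked by the view handler.
                    response.sendRedirect(path + "/order/view.do?orderId=" + orderId);
                    // Returning false stops the handler chain.
                    return false;
                } else {
                    // Known gap: the fingerprint exists but no order id is cached yet, most
                    // likely because order creation is still running. Returning true here lets
                    // the repeated request through, so a duplicate order can be placed. The
                    // session lookup and the cache lookup are separate steps with no locking
                    // visible in this method.
                    request.setAttribute("orderRepeatedMd5", ServletUtil.getLvSessionId(request, response) + md5);
                    return true;
                }
            }
        } catch (NoSuchAlgorithmException var8) {
            // Fingerprint could not be computed: the chain is stopped; no response is
            // written on this path.
            LOG.error(ExceptionFormatUtil.getTrace(var8));
            return false;
        }
    } else {
        // Token validation passed, so this is not a repeated request.
        try {
            md5 = this.getParamMd5(request);
            // Keep the fingerprint in the session; later (repeated) requests compare against it.
            ServletUtil.putSession(request, response, "SPRINGMVC.ORDER.FORM", md5);
            // Order creation later associates (session id + fingerprint) with the order id.
            request.setAttribute("orderRepeatedMd5", ServletUtil.getLvSessionId(request, response) + md5);
            return true;
        } catch (NoSuchAlgorithmException var9) {
            // Fingerprint could not be computed: the chain is stopped; no response is
            // written on this path.
            LOG.error(ExceptionFormatUtil.getTrace(var9));
            return false;
        }
    }
}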
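/**
 * Computes the duplicate-submission fingerprint of a request: the request parameter map is
 * converted to JSON, the {@code "checkCode2"} entry is removed, and the resulting text is
 * passed to {@code MD5.encode}.
 *
 * <p>The digest is a fingerprint used to recognise a repeated form submission; it is a hash,
 * not encryption, and provides no confidentiality. MD5 is not collision-resistant, so the
 * value should not be relied on to tell apart deliberately crafted requests.
 *
 * @param request the request whose parameters are fingerprinted
 * @return the value returned by {@code MD5.encode} for the JSON text (presumably a hex
 *         digest - confirm against the helper)
 * @throws NoSuchAlgorithmException declared for the digest helper
 */
private String getParamMd5(HttpServletRequest request) throws NoSuchAlgorithmException {
    Map<?, ?> map = request.getParameterMap();
    JSONObject jsonObject = JSONObject.fromObject(map);
    // "checkCode2" is dropped before serialisation, so its value does not influence the
    // fingerprint. Only this key is removed; every other parameter stays in the JSON that
    // is hashed and logged below.
    jsonObject.remove("checkCode2");
    // NOTE(review): the fingerprint is taken over the JSON text, so it is only stable if the
    // serialisation order of the parameters is stable - confirm for the JSON library in use.
    String jsonString = jsonObject.toString();
    // NOTE(review): this writes every remaining request parameter to the INFO log. Order
    // forms typically carry personal data; consider logging only the digest or a redacted
    // subset of the parameters.
    LOG.info("创建订单生成的参数:" + jsonString);
    // Hash the serialised request parameters.
    String md5 = MD5.encode(jsonString);
    return md5;
}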