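/**
 * Spring MVC interceptor that checks a per-session form token before a handler runs.
 *
 * <p>When a request carries a {@code token} parameter, it is compared with the value
 * stored under the {@code token} session attribute. On a mismatch the request is
 * forwarded to {@code /page/reForm.jsp} and the handler is skipped. After the check,
 * every request not identified as AJAX has a fresh random token stored in the session.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Requests <em>without</em> a {@code token} parameter are not checked here.
 *       A handler that relies on this token (duplicate-submit or CSRF-style protection)
 *       must itself require the parameter, otherwise omitting it skips the check.</li>
 *   <li>The AJAX marker header is supplied by the client. It only decides whether the
 *       token is rotated, never whether it is validated.</li>
 *   <li>The read-compare-rotate sequence is not synchronized. NOTE(review): two
 *       concurrent submissions in the same session may both pass; confirm whether
 *       that matters for the protected handlers.</li>
 * </ul>
 */
public class TokenHandlerInterceptor implements HandlerInterceptor {

    /** Name of both the request parameter and the session attribute holding the token. */
    private static final String TOKEN_KEY = "token";

    /** View the request is forwarded to when the submitted token is rejected. */
    private static final String REJECT_VIEW = "/page/reForm.jsp";

    /** Header value that XMLHttpRequest-based clients conventionally send. */
    private static final String AJAX_MARKER = "XMLHttpRequest";

    /** No work is needed after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest arg0,
            HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // Intentionally empty.
    }

    /** No work is needed after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, ModelAndView arg3) throws Exception {
        // Intentionally empty.
    }

    /**
     * Validates the submitted token (if any) and rotates the session token.
     *
     * @param request  current request; its {@code token} parameter is checked when present
     * @param response current response, used only when forwarding to the rejection page
     * @param object   the chosen handler (unused)
     * @return {@code false} when the submitted token does not match the session token
     *         (the request has already been forwarded), {@code true} otherwise
     * @throws Exception if forwarding to the rejection page fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object object) throws Exception {
        String token = request.getParameter(TOKEN_KEY);
        if (token != null) {
            // The attribute may be absent (new or expired session). The original called
            // toString() on it unconditionally, which threw NullPointerException and made
            // the following null check unreachable.
            Object stored = request.getSession().getAttribute(TOKEN_KEY);
            String sessionToken = (stored == null) ? null : stored.toString();

            // Fail closed: a submitted token with nothing to compare against is rejected
            // in the same way as a mismatching one.
            if (!token.equals(sessionToken)) {
                request.getRequestDispatcher(REJECT_VIEW).forward(request, response);
                return false;
            }
        }

        // Rotate the token on full page requests only, so that background AJAX calls do
        // not invalidate the token already rendered into the page's form.
        if (!isAjaxRequest(request)) {
            request.getSession().setAttribute(TOKEN_KEY, UUID.randomUUID());
        }
        return true;
    }

    /**
     * Reports whether the request identifies itself as an XMLHttpRequest call.
     *
     * <p>The conventional header is {@code X-Requested-With}; the original code looked
     * only at {@code X-request-with}, which common AJAX libraries do not send, so the
     * token was rotated on AJAX calls as well. The old name is still accepted in case
     * an existing client sets it explicitly.
     */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return AJAX_MARKER.equals(request.getHeader("X-Requested-With"))
                || AJAX_MARKER.equals(request.getHeader("X-request-with"));
    }
}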
转载于:https://my.oschina.net/iiiiiSKY/blog/647676