Spring MVC攔截器+注解方式實現防止表單重復提交

詳見：http://blog.yemou.net/article/query/info/tytfjhfascvhzxcyt335

原理：在新建頁面中Session保存token隨機碼，當保存時驗證，通過后刪除，當再次點擊保存時由於服務器端的Session中已經不存在了，所有無法驗證通過。

1.新建注解：

 

?

/**   * <p>   * 防止重復提交注解，用於方法上<br/>   * 在新建頁面方法上，設置needSaveToken()為true，此時攔截器會在Session中保存一個token，   * 同時需要在新建的頁面中添加   * <input type="hidden" name="token" value="${token}">   * <br/>   * 保存方法需要驗證重復提交的，設置needRemoveToken為true   * 此時會在攔截器中驗證是否重復提交   * </p>   * @author: chuanli   * @date: 2013-6-27上午11:14:02   *   */ @Target (ElementType.METHOD) @Retention (RetentionPolicy.RUNTIME) public @interface AvoidDuplicateSubmission {      boolean needSaveToken() default false ;      boolean needRemoveToken() default false ; }

 

 

2. 新建攔截器

 

?

/**   * <p>   * 防止重復提交過濾器   * </p>   *   * @author: chuanli   * @date: 2013-6-27上午11:19:05   */ public class AvoidDuplicateSubmissionInterceptor extends HandlerInterceptorAdapter {      private static final Logger LOG = Logger.getLogger(AvoidDuplicateSubmissionInterceptor. class );        @Override      public boolean preHandle(HttpServletRequest request,              HttpServletResponse response, Object handler) throws Exception {            User user = UserUtil.getUser();          if (user != null ) {              HandlerMethod handlerMethod = (HandlerMethod) handler;              Method method = handlerMethod.getMethod();               AvoidDuplicateSubmission annotation = method.getAnnotation(                                                         AvoidDuplicateSubmission.class);              if (annotation != null ) {                  boolean needSaveSession = annotation.needSaveToken();                  if (needSaveSession) {                     request.getSession(false).setAttribute("token",                            TokenProcessor.getInstance().generateToken());                  }                    boolean needRemoveSession = annotation.needRemoveToken();                  if (needRemoveSession) {                      if (isRepeatSubmit(request)) {                          LOG.warn( "please don't repeat submit,[user:" + user.getUsername() + ",url:"                                  + request.getServletPath() + "]" );                          return false ;                      }                      request.getSession( false ).removeAttribute( "token" );                  }              }          }          return true ;      }        private boolean isRepeatSubmit(HttpServletRequest request) {          String serverToken = (String) request.getSession( false ).getAttribute( "token" );          if (serverToken == null ) {              return true ;          }          String clinetToken = request.getParameter( "token" );          if (clinetToken == null ) {              return true ;          }          if (!serverToken.equals(clinetToken)) {              return true ;          }          return false ;      }   }

 

 

3. 在Spring中配置

 

?

< bean class = "org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping" >     < property name = "interceptors" >        < list >            < bean class = "com.sohu.tv.crm.aop.UserLogInterceptor" />            < bean class = "com.sohu.tv.crm.aop.AvoidDuplicateSubmissionInterceptor" />        </ list >     </ property >   </ bean >

 

4. 在相關方法中加入注解：

 

?

@RequestMapping ( "/save" )   @AvoidDuplicateSubmission (needRemoveToken = true )     public synchronized ModelAndView save(ExecutionUnit unit, HttpServletRequest request,                                            HttpServletResponse response)              throws Exception {   @RequestMapping ( "/edit" )      @AvoidDuplicateSubmission (needSaveToken = true )      public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception {

 

5.在新建頁面中加入

1	< input  type = "hidden"  name = "token"  value = "${token}" >