一、定义注解 Token.java
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Token {
boolean save() default false;
boolean remove() default false;
}
二、定义token 过滤器 TokenInterceptor.java
package com.bra.common.web;
import com.bra.common.web.annotation.Token;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.UUID;
public class TokenInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
Token annotation = method.getAnnotation(Token.class);
if (annotation != null) {
boolean needSaveSession = annotation.save();
if (needSaveSession) {
request.getSession(false).setAttribute("token", UUID.randomUUID().toString());
}
boolean needRemoveSession = annotation.remove();
if (needRemoveSession) {
if (isRepeatSubmit(request)) {
return false;
}
request.getSession(false).removeAttribute("token");
}
}
return true;
} else {
return super.preHandle(request, response, handler);
}
}
private boolean isRepeatSubmit(HttpServletRequest request) {
String serverToken = (String) request.getSession(false).getAttribute("token");
if (serverToken == null) {
return true;
}
String clinetToken = request.getParameter("token");
if (clinetToken == null) {
return true;
}
if (!serverToken.equals(clinetToken)) {
return true;
}
return false;
}
}
三、拦截器配置 SpringMVC.xml
<mvc:interceptor>
<mvc:mapping path="${adminPath}/**" />
<bean class="com.bra.common.web.TokenInterceptor" />
</mvc:interceptor>
四、JSP
<input type="hidden" name="token" value="${token}"/>
五、Controller
1、请求表单时,生成token
@RequestMapping(value = "form")
@Token(save = true)
public String form(ReserveField reserveField, Model model) throws ParseException {
//场地列表
List<ReserveField> fields = reserveFieldService.findList(new ReserveField());
User user=new User();
user.setUserType("7");
List<User> userList = reserveUserService.findList(user);
model.addAttribute("userList", userList);
model.addAttribute("reserveField", reserveField);
model.addAttribute("fields", fields);
model.addAttribute("venues", reserveVenueService.findList(new ReserveVenue()));
model.addAttribute("projects", reserveProjectService.findList(new ReserveProject()));
return "reserve/field/form";
}
2、保存时,验证token ,remove=true 表示删除同步token
@RequestMapping(value = "save")
@Token(remove = true)
public String save(ReserveField reserveField,
Model model, RedirectAttributes redirectAttributes) throws ParseException {
if (!beanValidator(model, reserveField)) {
return form(reserveField, model);
}
reserveFieldService.save(reserveField);
addMessage(redirectAttributes, "保存场地基本信息成功");
redirectAttributes.addAttribute("reserveVenue.id",reserveField.getReserveVenue().getId());
return "redirect:" + Global.getAdminPath() + "/reserve/reserveField/list";
}