SpringMVC token: preventing duplicate form submission

week
Published 2018-08-27 09:38:27

I. Define the annotation: Token.java

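import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Token {
    boolean save() default false;   // true: issue a new token before the handler runs
    boolean remove() default false; // true: validate the submitted token, then remove it
}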

II. Define the token interceptor: TokenInterceptor.java

package com.bra.common.web;

import com.bra.common.web.annotation.Token;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.lang.reflect.Method;
import java.util.UUID;

public class TokenInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Method method = handlerMethod.getMethod();
            Token annotation = method.getAnnotation(Token.class);
            if (annotation != null) {
                boolean needSaveSession = annotation.save();
                if (needSaveSession) {
                    // Issue a fresh token; getSession() creates the session if none exists yet,
                    // which avoids a NullPointerException on a request without a session
                    request.getSession().setAttribute("token", UUID.randomUUID().toString());
                }
                boolean needRemoveSession = annotation.remove();
                if (needRemoveSession) {
                    if (isRepeatSubmit(request)) {
                        // Reject the request: the handler is not invoked
                        return false;
                    }
                    // Token matched: remove it so a second submit of the same form fails
                    request.getSession(false).removeAttribute("token");
                }
            }
            return true;
        } else {
            return super.preHandle(request, response, handler);
        }
    }

    // A submit counts as a repeat when the session or its token is missing,
    // or when the submitted "token" parameter does not match the stored one
    private boolean isRepeatSubmit(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return true;
        }
        String serverToken = (String) session.getAttribute("token");
        if (serverToken == null) {
            return true;
        }
        String clientToken = request.getParameter("token");
        if (clientToken == null) {
            return true;
        }
        if (!serverToken.equals(clientToken)) {
            return true;
        }
        return false;
    }
}
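
In the interceptor above, isRepeatSubmit() and removeAttribute("token") are separate steps, so two copies of the same POST that arrive at the same moment can both pass the check before either one removes the token. The following is an added example, not code from the original post: a helper (the names TokenConsumer and consume are hypothetical) that compares and removes the token in one step under Spring's session mutex.

```java
package com.bra.common.web; // assumption: same package as TokenInterceptor

import org.springframework.web.util.WebUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/** Hypothetical helper: validates and consumes the form token atomically. */
public final class TokenConsumer {
    private static final String TOKEN_KEY = "token"; // same key the interceptor uses

    private TokenConsumer() {
    }

    /**
     * Returns true only for the first request that presents the current token.
     * A later or concurrent request carrying the same value gets false.
     * In preHandle it would replace the isRepeatSubmit()/removeAttribute() pair:
     *     if (!TokenConsumer.consume(request)) { return false; }
     */
    public static boolean consume(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        String clientToken = request.getParameter(TOKEN_KEY);
        if (session == null || clientToken == null) {
            return false;
        }
        // Serialize this session's requests around the compare-and-remove so two
        // simultaneous submits cannot both observe the token as still present.
        synchronized (WebUtils.getSessionMutex(session)) {
            Object stored = session.getAttribute(TOKEN_KEY);
            if (!(stored instanceof String)) {
                return false; // already consumed, or never issued
            }
            // MessageDigest.isEqual avoids an early-exit string comparison.
            boolean matches = MessageDigest.isEqual(
                    ((String) stored).getBytes(StandardCharsets.UTF_8),
                    clientToken.getBytes(StandardCharsets.UTF_8));
            if (matches) {
                session.removeAttribute(TOKEN_KEY); // consume inside the lock
            }
            return matches;
        }
    }
}
```

WebUtils.getSessionMutex falls back to the session object itself unless org.springframework.web.util.HttpSessionMutexListener is registered in web.xml, so register the listener to get a stable lock object. The lock only serializes requests inside one JVM; with sessions shared across nodes the consume step needs an atomic operation in the session store instead.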

III. Interceptor configuration: SpringMVC.xml

<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="${adminPath}/**" />
        <bean class="com.bra.common.web.TokenInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>

IV. JSP

<input type="hidden" name="token" value="${token}"/>

V. Controller

1. Generate the token when the form is requested

@RequestMapping(value = "form")
@Token(save = true) // TokenInterceptor stores a new token in the session before this handler runs
public String form(ReserveField reserveField, Model model) throws ParseException {
    // List of fields
    List<ReserveField> fields = reserveFieldService.findList(new ReserveField());
    User user = new User();
    user.setUserType("7");
    List<User> userList = reserveUserService.findList(user);
    model.addAttribute("userList", userList);
    model.addAttribute("reserveField", reserveField);
    model.addAttribute("fields", fields);
    model.addAttribute("venues", reserveVenueService.findList(new ReserveVenue()));
    model.addAttribute("projects", reserveProjectService.findList(new ReserveProject()));
    return "reserve/field/form";
}

2. Validate the token on save; remove = true means the synchronizer token is removed

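@RequestMapping(value = "save")
@Token(remove = true) // TokenInterceptor validates and removes the token before this handler runs
public String save(ReserveField reserveField,
                   Model model, RedirectAttributes redirectAttributes) throws ParseException {
    if (!beanValidator(model, reserveField)) {
        // Caution: this direct call does not pass through TokenInterceptor, and the
        // token was already removed in preHandle, so the re-rendered form carries
        // no valid token and its next submit is rejected.
        return form(reserveField, model);
    }
    reserveFieldService.save(reserveField);
    // Flash message: "field basic information saved successfully"
    addMessage(redirectAttributes, "保存场地基本信息成功");
    redirectAttributes.addAttribute("reserveVenue.id", reserveField.getReserveVenue().getId());
    return "redirect:" + Global.getAdminPath() + "/reserve/reserveField/list";
}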

Originally published: 2016-01-20.
