Spring MVC拦截器+注解方式实现防止表单重复提交

原理：在新建页面中Session保存token随机码，当保存时验证，通过后删除，当再次点击保存时由于服务器端的Session中已经不存在了，所有无法验证通过。

1.新建注解：

01/**

02 * <p>

03 * 防止重复提交注解，用于方法上<br/>

04 * 在新建页面方法上，设置needSaveToken()为true，此时拦截器会在Session中保存一个token，

05 * 同时需要在新建的页面中添加

06 * <input type="hidden" name="token" value="${token}">

07 * <br/>

08 * 保存方法需要验证重复提交的，设置needRemoveToken为true

09 * 此时会在拦截器中验证是否重复提交

10 * </p>

11 * @author: chuanli

12 * @date: 2013-6-27上午11:14:02

13 *

14 */

15@Target(ElementType.METHOD)

16@Retention(RetentionPolicy.RUNTIME)

17public @interface AvoidDuplicateSubmission {

18    boolean needSaveToken() default false;

19    boolean needRemoveToken() default false;

20}

2. 新建拦截器

01/**

02 * <p>

03 * 防止重复提交过滤器

04 * </p>

05 *

06 * @author: chuanli

07 * @date: 2013-6-27上午11:19:05

08 */

09public class AvoidDuplicateSubmissionInterceptor extends HandlerInterceptorAdapter {

10    private static final Logger LOG = Logger.getLogger(AvoidDuplicateSubmissionInterceptor.class);

11 

12    @Override

13    public boolean preHandle(HttpServletRequest request,

14            HttpServletResponse response, Object handler) throws Exception {

15 

16        User user = UserUtil.getUser();

17        if (user != null) {

18            HandlerMethod handlerMethod = (HandlerMethod) handler;

19            Method method = handlerMethod.getMethod();

20 

21            AvoidDuplicateSubmission annotation = method.getAnnotation(AvoidDuplicateSubmission.class);

22            if (annotation != null) {

23                boolean needSaveSession = annotation.needSaveToken();

24                if (needSaveSession) {

25                    request.getSession(false).setAttribute("token", TokenProcessor.getInstance().generateToken());

26                }

27 

28                boolean needRemoveSession = annotation.needRemoveToken();

29                if (needRemoveSession) {

30                    if (isRepeatSubmit(request)) {

31                        LOG.warn("please don't repeat submit,[user:" + user.getUsername() + ",url:"

32                                + request.getServletPath() + "]");

33                        return false;

34                    }

35                    request.getSession(false).removeAttribute("token");

36                }

37            }

38        }

39        return true;

40    }

41 

42    private boolean isRepeatSubmit(HttpServletRequest request) {

43        String serverToken = (String) request.getSession(false).getAttribute("token");

44        if (serverToken == null) {

45            return true;

46        }

47        String clinetToken = request.getParameter("token");

48        if (clinetToken == null) {

49            return true;

50        }

51        if (!serverToken.equals(clinetToken)) {

52            return true;

53        }

54        return false;

55    }

56 

57}

3. 在Spring中配置

1<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">

2   <property name="interceptors">

3      <list>

4          <bean class="com.sohu.tv.crm.aop.UserLogInterceptor"/>

5          <bean class="com.sohu.tv.crm.aop.AvoidDuplicateSubmissionInterceptor"/>

6      </list>

7   </property>

8 

9</bean>

4. 在相关方法中加入注解：

1@RequestMapping("/save")

2 @AvoidDuplicateSubmission(needRemoveToken = true)

3    public synchronized ModelAndView save(ExecutionUnit unit, HttpServletRequest request, HttpServletResponse response)

4            throws Exception {

5 

6@RequestMapping("/edit")

7    @AvoidDuplicateSubmission(needSaveToken = true)

8    public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception {

5.在新建页面中加入

                <input type="hidden" name="token" value="${token}">