SpringMVC token 防止表单重复提交


一、定义注解 Token.java

/**
 * Marks a handler method that takes part in the one-time form token check
 * performed by {@code TokenInterceptor}.
 *
 * <p>The annotation is retained at runtime because the interceptor reads it
 * reflectively from the handler method on every request.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface Token {

    /**
     * When {@code true}, the interceptor stores a freshly generated token in
     * the session under the key {@code "token"} before the handler runs.
     * Intended for the handler that renders the form.
     */
    boolean save() default false;

    /**
     * When {@code true}, the interceptor compares the {@code "token"} request
     * parameter with the session copy, rejects the request if either is missing
     * or they differ, and otherwise removes the session copy.
     * Intended for the handler that processes the submission.
     */
    boolean remove() default false;
}

二、定义 token 拦截器 TokenInterceptor.java

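package com.bra.common.web;

import com.bra.common.web.annotation.Token;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.util.WebUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;

/**
 * Enforces a one-time form token on handler methods annotated with {@link Token}.
 *
 * <p>{@code @Token(save = true)} stores a new random token in the session;
 * {@code @Token(remove = true)} requires the {@code "token"} request parameter to
 * match the session copy and then deletes it, so the same form cannot be
 * submitted twice.
 *
 * <p>Limitations worth knowing before relying on this class:
 * <ul>
 *   <li>There is a single token slot per session. Opening a second form (for
 *       example in another tab) overwrites the token of the first one.</li>
 *   <li>A rejected request returns {@code false} without writing anything to the
 *       response, so the client receives an empty reply.</li>
 *   <li>{@code HandlerInterceptorAdapter} is deprecated as of Spring 5.3; on
 *       newer Spring versions implement {@code HandlerInterceptor} directly.</li>
 * </ul>
 */
public class TokenInterceptor extends HandlerInterceptorAdapter {

    /** Session attribute name and request parameter name of the form token. */
    private static final String TOKEN_KEY = "token";

    /**
     * Verifies and/or issues the form token according to the handler's {@link Token} annotation.
     *
     * @param request  current request; the client token is read from its {@code "token"} parameter
     * @param response current response; left untouched by this method
     * @param handler  chosen handler; only {@link HandlerMethod} instances are inspected
     * @return {@code false} when a handler marked {@code remove = true} receives a missing,
     *         mismatched or already consumed token; {@code true} otherwise
     * @throws Exception propagated from the superclass for non-{@code HandlerMethod} handlers
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            return super.preHandle(request, response, handler);
        }

        Method method = ((HandlerMethod) handler).getMethod();
        Token annotation = method.getAnnotation(Token.class);
        if (annotation == null) {
            return true;
        }

        // Verify before issuing: if both flags are set, issuing first would overwrite
        // the token being verified and every such request would be rejected.
        if (annotation.remove() && !consumeToken(request)) {
            return false;
        }

        if (annotation.save()) {
            // getSession() creates the session when none exists; getSession(false)
            // would return null here and the setAttribute call would throw.
            // UUID.randomUUID() draws from a cryptographically strong generator.
            request.getSession().setAttribute(TOKEN_KEY, UUID.randomUUID().toString());
        }
        return true;
    }

    /**
     * Checks the submitted token and removes the session copy as one atomic step.
     *
     * <p>The check and the removal run under the session mutex so that two
     * concurrent submissions carrying the same token cannot both pass the check
     * before either of them removes it.
     *
     * @return {@code true} if the token was valid and has now been consumed
     */
    private boolean consumeToken(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            // No session means no token was ever issued to this client.
            return false;
        }
        synchronized (WebUtils.getSessionMutex(session)) {
            if (isRepeatSubmit(request)) {
                return false;
            }
            session.removeAttribute(TOKEN_KEY);
            return true;
        }
    }

    /**
     * Tells whether the request must be treated as a repeated (or forged) submission.
     *
     * @return {@code true} when there is no session, no stored token, no submitted
     *         token, or the two tokens differ
     */
    private boolean isRepeatSubmit(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return true;
        }
        Object serverToken = session.getAttribute(TOKEN_KEY);
        if (!(serverToken instanceof String)) {
            return true;
        }
        String clientToken = request.getParameter(TOKEN_KEY);
        if (clientToken == null) {
            return true;
        }
        // Constant-time comparison: the token is a secret shared with the page,
        // so avoid leaking how many leading characters matched.
        byte[] expected = ((String) serverToken).getBytes(StandardCharsets.UTF_8);
        byte[] actual = clientToken.getBytes(StandardCharsets.UTF_8);
        return !MessageDigest.isEqual(expected, actual);
    }
}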

三、拦截器配置 SpringMVC.xml

<!-- Registers TokenInterceptor for requests under ${adminPath} only; handler
     methods annotated with @Token but mapped outside that prefix are not checked.
     This element has to be nested inside <mvc:interceptors>. -->
<mvc:interceptor>
    <mvc:mapping path="${adminPath}/**" />
    <bean class="com.bra.common.web.TokenInterceptor" />
</mvc:interceptor>

四、JSP

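<%-- Hidden field carrying the one-time form token back to the server.
     sessionScope is named explicitly so that a page- or request-scoped attribute
     called "token" cannot shadow the value the interceptor stored in the session. --%>
<input type="hidden" name="token" value="${sessionScope.token}"/>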

五、Controller 

1、保存时,验证 token;remove = true 表示校验通过后删除 session 中的 token

/**
 * Validates and persists the submitted field, then redirects to the field list.
 *
 * <p>{@code @Token(remove = true)} makes the token interceptor verify and consume
 * the form token before this method runs.
 *
 * @param reserveField       the submitted form object
 * @param model              model used when the form has to be shown again
 * @param redirectAttributes carries the success message and the venue id across the redirect
 * @return the form view when validation fails, otherwise a redirect to the list page
 * @throws ParseException declared by the signature; presumably raised by {@code form} — TODO confirm
 */
@RequestMapping(value = "save")
@Token(remove = true)
public String save(ReserveField reserveField,
                   Model model, RedirectAttributes redirectAttributes) throws ParseException {
    // NOTE(review): the mapping does not restrict the HTTP method, so this handler
    // also answers GET and the token could then travel in the query string;
    // consider limiting it to POST.
    boolean passedValidation = beanValidator(model, reserveField);
    if (!passedValidation) {
        // NOTE(review): form() is called directly here, so the interceptor does not
        // run for it and no new token is stored. The token of this request has
        // already been consumed, so the redisplayed form carries no valid token
        // and the corrected resubmission will be rejected — confirm and fix.
        return form(reserveField, model);
    }

    reserveFieldService.save(reserveField);
    addMessage(redirectAttributes, "保存场地基本信息成功");
    redirectAttributes.addAttribute("reserveVenue.id", reserveField.getReserveVenue().getId());

    String listRedirect = "redirect:" + Global.getAdminPath() + "/reserve/reserveField/list";
    return listRedirect;
}

2、请求表单时,生成 token(save = true)

/**
 * Prepares the model for the field edit form and returns its view name.
 *
 * <p>{@code @Token(save = true)} makes the token interceptor store a fresh form
 * token in the session before this method runs, but only when the method is
 * reached through request dispatch, not when it is called directly from Java code.
 *
 * @param reserveField the field being edited
 * @param model        receives the lists and the form object rendered by the view
 * @return the view name {@code "reserve/field/form"}
 * @throws ParseException declared by the signature; no visible statement throws it
 */
@RequestMapping(value = "form")
@Token(save = true)
public String form(ReserveField reserveField, Model model) throws ParseException {
    // Field list, queried with an empty ReserveField as the filter object.
    List<ReserveField> allFields = reserveFieldService.findList(new ReserveField());

    // Users whose userType is "7"; the meaning of that code is not visible here — TODO confirm.
    User userFilter = new User();
    userFilter.setUserType("7");
    List<User> matchingUsers = reserveUserService.findList(userFilter);

    model.addAttribute("userList", matchingUsers);
    model.addAttribute("reserveField", reserveField);
    model.addAttribute("fields", allFields);
    model.addAttribute("venues", reserveVenueService.findList(new ReserveVenue()));
    model.addAttribute("projects", reserveProjectService.findList(new ReserveProject()));

    final String viewName = "reserve/field/form";
    return viewName;
}

