Spring MVC拦截器+注解方式实现防止表单重复提交

详见：http://blog.yemou.net/article/query/info/tytfjhfascvhzxcyt335

原理：在新建页面中Session保存token随机码，当保存时验证，通过后删除，当再次点击保存时由于服务器端的Session中已经不存在了，所有无法验证通过。

1.新建注解：

?

/**  * <p>  * 防止重复提交注解，用于方法上<br/>  * 在新建页面方法上，设置needSaveToken()为true，此时拦截器会在Session中保存一个token，  * 同时需要在新建的页面中添加  * <input type="hidden" name="token" value="${token}">  * <br/>  * 保存方法需要验证重复提交的，设置needRemoveToken为true  * 此时会在拦截器中验证是否重复提交  * </p>  * @author: chuanli  * @date: 2013-6-27上午11:14:02  *  */ @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) public @interface AvoidDuplicateSubmission {     boolean needSaveToken() default false;     boolean needRemoveToken() default false; }

2. 新建拦截器

?

/**  * <p>  * 防止重复提交过滤器  * </p>  *  * @author: chuanli  * @date: 2013-6-27上午11:19:05  */ public class AvoidDuplicateSubmissionInterceptor extends HandlerInterceptorAdapter {     private static final Logger LOG = Logger.getLogger(AvoidDuplicateSubmissionInterceptor.class);       @Override     public boolean preHandle(HttpServletRequest request,             HttpServletResponse response, Object handler) throws Exception {           User user = UserUtil.getUser();         if (user != null) {             HandlerMethod handlerMethod = (HandlerMethod) handler;             Method method = handlerMethod.getMethod();               AvoidDuplicateSubmission annotation = method.getAnnotation(                                                         AvoidDuplicateSubmission.class);             if (annotation != null) {                 boolean needSaveSession = annotation.needSaveToken();                 if (needSaveSession) {                     request.getSession(false).setAttribute("token",                            TokenProcessor.getInstance().generateToken());                 }                   boolean needRemoveSession = annotation.needRemoveToken();                 if (needRemoveSession) {                     if (isRepeatSubmit(request)) {                         LOG.warn("please don't repeat submit,[user:" + user.getUsername() + ",url:"                                 + request.getServletPath() + "]");                         return false;                     }                     request.getSession(false).removeAttribute("token");                 }             }         }         return true;     }       private boolean isRepeatSubmit(HttpServletRequest request) {         String serverToken = (String) request.getSession(false).getAttribute("token");         if (serverToken == null) {             return true;         }         String clinetToken = request.getParameter("token");         if (clinetToken == null) {             return true;         }         if (!serverToken.equals(clinetToken)) {             return true;         }         return false;     }   }

3. 在Spring中配置

?

<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">    <property name="interceptors">       <list>           <bean class="com.sohu.tv.crm.aop.UserLogInterceptor"/>           <bean class="com.sohu.tv.crm.aop.AvoidDuplicateSubmissionInterceptor"/>       </list>    </property>   </bean>

4. 在相关方法中加入注解：

?

@RequestMapping("/save")  @AvoidDuplicateSubmission(needRemoveToken = true)     public synchronized ModelAndView save(ExecutionUnit unit, HttpServletRequest request,                                            HttpServletResponse response)             throws Exception {   @RequestMapping("/edit")     @AvoidDuplicateSubmission(needSaveToken = true)     public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception {

5.在新建页面中加入

1	<input type="hidden" name="token" value="${token}">