Spring MVC拦截器+注解方式实现防止表单重复提交

原理：在新建页面中Session保存token随机码，当保存时验证，通过后删除，当再次点击保存时由于服务器端的Session中已经不存在了，所有无法验证通过。

1、新建注解：

/**
* 防止重复提交注解，用于方法上<br/>
* 在新建页面方法上，设置needSaveToken()为true，此时拦截器会在Session中保存一个token， 同时需要在新建的页面中添加<input
* type="hidden" name="token" value="${token}"><br/>
* 保存方法需要验证重复提交的，设置needRemoveToken为true 此时会在拦截器中验证是否重复提交
*
* @author pan
*
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AvoidDuplicateSubmission {
boolean needSaveToken() default false;

boolean needRemoveToken() default false;
}

2.
新建拦截器

package org.pzy.interceptor;

import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.util.TokenProcessor;
import org.pzy.annotation.AvoidDuplicateSubmission;
import org.pzy.comm.ConstantI;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class AvoidDuplicateSubmissionInterceptor extends
HandlerInterceptorAdapter {

public AvoidDuplicateSubmissionInterceptor() {
}

@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
AvoidDuplicateSubmission annotation = method
.getAnnotation(AvoidDuplicateSubmission.class);
if (annotation != null) {
boolean needSaveSession = annotation.needSaveToken();
if (needSaveSession) {
request.getSession(false)
.setAttribute(
ConstantI.token,
TokenProcessor.getInstance().generateToken(
request));
}

boolean needRemoveSession = annotation.needRemoveToken();
if (needRemoveSession) {
if (isRepeatSubmit(request)) {
return false;
}
request.getSession(false).removeAttribute(ConstantI.token);
}
}
}
return true;
}

private boolean isRepeatSubmit(HttpServletRequest request) {
String serverToken = (String) request.getSession(false).getAttribute(
ConstantI.token);
if (serverToken == null) {
return true;
}
String clinetToken = request.getParameter(ConstantI.token);
if (clinetToken == null) {
return true;
}
if (!serverToken.equals(clinetToken)) {
return true;
}
return false;
}
}

3. 配置spring mvc拦截器

<!-- 拦截器配置 -->
<mvc:interceptors>
<!-- 此种方式配置的拦截器会拦截所有请求 -->
<bean class="org.pzy.interceptor.AvoidDuplicateSubmissionInterceptor" />
</mvc:interceptors>

另外，你需要在view里在form里增加下面代码：

@RequestMapping("/save")
@AvoidDuplicateSubmission(needRemoveToken = true)
public synchronized ModelAndView save(ExecutionUnit unit, HttpServletRequest request, HttpServletResponse response)
throws Exception {

@RequestMapping("/edit")
@AvoidDuplicateSubmission(needSaveToken = true)
public ModelAndView edit(Integer id, HttpServletRequest request) throws Exception {