Spring MVC: preventing repeated form submissions

Principle: when the new (form) page is opened, the server saves a random token in the session. When the form is saved, the submitted token is verified against the session copy, and the session copy is deleted once verification passes. If save is clicked again, the token no longer exists in the server-side session, so verification cannot pass.

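Token annotation code:

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

// Marks a controller method: save = issue a token, remove = verify and consume it.
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Token {
    boolean save() default false;
    boolean remove() default false;
}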

Interceptor TokenInterceptor code:

 

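import java.lang.reflect.Method;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class TokenInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Method method = handlerMethod.getMethod();
            Token annotation = method.getAnnotation(Token.class);
            if (annotation != null) {
                boolean needSaveSession = annotation.save();
                if (needSaveSession) {
                    // Create the session if it does not exist yet; getSession(false) could return null here.
                    request.getSession().setAttribute("token", UUID.randomUUID().toString());
                }
                boolean needRemoveSession = annotation.remove();
                if (needRemoveSession) {
                    if (isRepeatSubmit(request)) {
                        // Reject the request: token missing, already consumed, or not matching.
                        return false;
                    }
                    // Token verified: delete it so a second submit fails.
                    request.getSession(false).removeAttribute("token");
                }
            }
            return true;
        } else {
            return super.preHandle(request, response, handler);
        }
    }

    private boolean isRepeatSubmit(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            // No session means no token was ever issued for this client.
            return true;
        }
        String serverToken = (String) session.getAttribute("token");
        if (serverToken == null) {
            return true;
        }
        String clientToken = request.getParameter("token");
        if (clientToken == null) {
            return true;
        }
        if (!serverToken.equals(clientToken)) {
            return true;
        }
        return false;
    }
}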

 

Then add in the Spring MVC configuration file:

 

<!-- Interceptor configuration -->
<mvc:interceptors>

    <!-- Configure the Token interceptor to prevent users from submitting data repeatedly -->
    <mvc:interceptor>
        <mvc:mapping path="/**" />
        <bean class="com.storezhang.web.spring.TokenInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>

 

 


Usage: add @Token(save=true) to the controller method that needs to generate a token (the one that renders the form), and add @Token(remove=true) to the controller method that needs to check for duplicate submissions (the one that handles the save).
In addition, you need to add the following hidden field to the form in the view:

<input type="hidden" name="token" value="${token}" />
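
The interceptor above checks the token (`isRepeatSubmit`) and removes it in two separate steps, so two near-simultaneous submits in the same session can both pass the check before either removal runs. The following added example (not code from the original post) uses a hypothetical `OneTimeTokenDemo` class as a stand-in for the session attribute and makes compare-and-delete one atomic step, so exactly one of the concurrent submits is accepted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added example (hypothetical class): stands in for one user's session attribute "token".
public class OneTimeTokenDemo {
    private String token; // guarded by this object's monitor

    // Role of @Token(save = true): issue a fresh token for the form page.
    public synchronized String issue() {
        token = UUID.randomUUID().toString();
        return token;
    }

    // Role of @Token(remove = true): compare and delete in one atomic step.
    public synchronized boolean consume(String clientToken) {
        if (token == null || clientToken == null) return false; // never issued, already used, or field missing
        boolean matches = MessageDigest.isEqual(
                token.getBytes(StandardCharsets.UTF_8),
                clientToken.getBytes(StandardCharsets.UTF_8));
        if (matches) {
            token = null; // a mismatch leaves the token in place, as in the interceptor
        }
        return matches;
    }

    public static void main(String[] args) throws Exception {
        OneTimeTokenDemo session = new OneTimeTokenDemo();
        String formToken = session.issue(); // constructed sample: the value rendered into the hidden field
        int clicks = 8;                     // simulated concurrent submits of the same form
        ExecutorService pool = Executors.newFixedThreadPool(clicks);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger accepted = new AtomicInteger();
        for (int i = 0; i < clicks; i++) {
            pool.submit(() -> {
                start.await(); // hold every thread until all are queued
                if (session.consume(formToken)) accepted.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("accepted submissions: " + accepted.get() + " of " + clicks);
    }
}
```

In the interceptor itself, the same effect comes from running the check and `removeAttribute` inside one `synchronized` block on a per-session lock, for example the object returned by Spring's `WebUtils.getSessionMutex(session)`.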

Source: https://my.oschina.net/u/273598/blog/191666
