FormTokenInterceptor.java

package com.hwlcn.web.spring;

import org.apache.commons.lang3.StringUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.UUID;

/**
 * User: HuangWeili
 * Date: 13-6-23
 * Time: 下午4:22
 */
public class FormTokenInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        HttpSession session = request.getSession();
        String token = request.getParameter(WebConfig.TOKEN_KEY);
        if (!StringUtils.isEmpty(token)) {

            Object keyOjbet = session.getAttribute(WebConfig.TOKEN_KEY);
            if (keyOjbet != null) {
                if (!token.equals(keyOjbet.toString())) {
                    response.sendRedirect("/font/resubmit.html");
                    return false;
                }
            }
        }
        String uuid = UUID.randomUUID().toString();
        session.setAttribute(WebConfig.TOKEN_KEY, uuid);
        return true;
    }
}