一.過濾器與攔截器的區別
1.當瀏覽器訪問Tomcat的時候過濾器會攔截資源,過濾器什麼資源都攔截,過濾器在攔截器之前,是用來攔截servlet的
2.攔截器在DispatcherServlet(中央處理器)之內、所有action執行之前進行攔截,攔截的是action。攔截器是類似過濾器的一種機制,由SpringMvc內置實現,自定義攔截器必須實現接口HandlerInterceptor
二.自定義攔截器
攔截器原理
在mvc-servlet.xml中配置攔截器
<!-- Interceptor chain; the interceptor below inspects a parameter carried on the URL -->
<mvc:interceptors>
<!-- Custom interceptor -->
<mvc:interceptor>
<!-- Resource to intercept. Only "/tm" is mapped here, so handlers on other paths receive no token check. To cover every path use "/**"; "/*" matches a single path segment only. -->
<mvc:mapping path="/tm"/>
<!-- Fully-qualified class name of the interceptor implementation -->
<bean class="springmvc.less05.controller.MyInterController"></bean>
</mvc:interceptor>
</mvc:interceptors>
實現接口HandlerInterceptor
package springmvc.less05.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
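/**
 * Interceptor that rejects repeated form submissions using a one-time token.
 *
 * <p>The form carries a random value in the {@code token} request parameter
 * and the same value is stored in the session under the attribute
 * {@code token}. A request is let through once, when both values match, and
 * the session copy is then discarded so that a replay of the same request is
 * rejected.
 */
public class MyInterController implements HandlerInterceptor {

    /**
     * Runs after the request has completed. Nothing to clean up here.
     */
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
        // Intentionally empty.
    }

    /**
     * Runs after the action has executed. No post-processing is needed.
     */
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    /**
     * Runs before the action and decides whether it may execute.
     *
     * @return {@code true} to let the request reach the action,
     *         {@code false} to stop it
     */
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Token value submitted with the form.
        String submitted = request.getParameter("token");
        if (submitted == null) {
            // NOTE(review): fail-open. A request that carries no token
            // parameter is not checked at all, so the guard only protects
            // clients that send the token. Kept as in the original design;
            // return false here if every mapped path must present a token.
            return true;
        }

        // getSession(false): do not create a session just to find that it
        // holds no token. No session means no token was ever issued.
        final Object sessionLock = request.getSession(false);
        if (sessionLock == null) {
            return false;
        }

        // The compare and the removal must happen as one step; otherwise two
        // simultaneous submissions of the same form can both see the token
        // before either removes it, and both would pass.
        // NOTE(review): this serializes requests only if the container hands
        // out the same session object for every request of a session -
        // confirm for the target container, or use a dedicated session mutex.
        synchronized (sessionLock) {
            Object expected = request.getSession().getAttribute("token");
            if (expected == null || !submitted.equals(expected)) {
                // Token already consumed (repeat submission) or wrong value.
                return false;
            }
            // First valid use: consume the token so it cannot be replayed.
            request.getSession().removeAttribute("token");
            return true;
        }
    }
}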
action
package springmvc.less05.controller;
import java.io.OutputStream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import springmvc.less05.dao.MoneyDaoImpl;
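/**
 * Demo controller: {@code /inter} writes a fixed greeting, {@code /tm}
 * deducts an amount and writes the remaining balance.
 */
@Controller
public class InterController {

    @Autowired
    MoneyDaoImpl mdi;

    /**
     * Writes {@code hello} to the response body.
     *
     * @return {@code null}; the body has already been written to {@code os}
     */
    @RequestMapping(value="/inter",method=RequestMethod.GET)
    public String quert(OutputStream os) throws Exception {
        // Explicit charset instead of the platform default.
        os.write("hello".getBytes("UTF-8"));
        return null;
    }

    /**
     * Deducts the amount sent by the page and writes the remaining balance.
     *
     * <p>NOTE(review): this state-changing action is mapped to GET, so the
     * amount and the anti-resubmit token travel in the URL and the deduction
     * can be triggered by simply following a link. The interceptor on this
     * path also lets through requests that carry no {@code token} parameter.
     * Consider POST plus a mandatory token.
     *
     * @param money amount to deduct, taken from the request; must be present
     *              and not negative
     * @return {@code null}; the body has already been written to {@code os}
     * @throws IllegalArgumentException if {@code money} is missing or negative
     */
    @RequestMapping(value="/tm",method=RequestMethod.GET)
    public String quer(Integer money, OutputStream os) throws Exception {
        // The amount comes straight from the client. A missing value would
        // fail on unboxing, and a negative one would turn the deduction into
        // a credit, so both are rejected before the database is touched.
        if (money == null || money < 0) {
            throw new IllegalArgumentException("money must be a non-negative integer");
        }
        mdi.updateMoney(money);
        // Show the remaining balance.
        os.write(("lostedmoney is:" + mdi.selectMoney()).getBytes("UTF-8"));
        return null;
    }
}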
業務邏輯層
package springmvc.less05.dao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Repository;
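/**
 * Data access for the {@code mymoney} table. Both statements operate on the
 * fixed row {@code usid=1}.
 */
@Repository
public class MoneyDaoImpl {

    @Autowired
    JdbcTemplate jdbc;

    /**
     * Subtracts {@code money} from the stored balance.
     *
     * <p>NOTE(review): the statement does not check that the balance covers
     * the amount, so the balance can go below zero - confirm whether that is
     * acceptable.
     *
     * @param money amount to subtract
     */
    public void updateMoney(int money) {
        // Bind the amount as a parameter rather than concatenating it into
        // the SQL text, so the statement shape never depends on input.
        jdbc.update("update mymoney set lostedmoney=lostedmoney-? where usid=1", money);
    }

    /**
     * Reads the remaining balance.
     *
     * @return the value of {@code lostedmoney} for {@code usid=1}
     */
    public int selectMoney() {
        String sql = "select lostedmoney from mymoney where usid=1";
        // Unboxing below throws NullPointerException if the column is NULL.
        Integer lostedMoney = jdbc.queryForObject(sql, Integer.class);
        return lostedMoney;
    }
}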
前臺頁面
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- basePath is assembled from the scheme, server name, port and context path reported by the request and is written unescaped into <base href> below. NOTE(review): the server name normally follows the client-supplied Host header - confirm the deployment pins or validates it. --%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<%@taglib tagdir="/WEB-INF/tags" prefix="my"%><!-- Import the duplicate-submission token tag library -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'money.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<%-- The form has no method attribute, so the browser submits it with GET: the amount and the hidden token are sent in the query string of /tm. --%>
<form action="${pageContext.request.contextPath}/tm">
扣錢:<input name ='money'>
<!-- Emit the duplicate-submission token as a hidden field -->
<my:token></my:token>
<input type="submit" name="扣錢">
</form>
</body>
</html>
三.防重複提交
防重複提交原理
在WEB-INF設置標籤 設置隱藏表單域和給session設值
<%@ tag language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@attribute name="tokename" required="false" %>
<%
// Issues a one-time token: a random value is stored in the session and
// written into the form as a hidden field of the same name.

// Name shared by the session attribute and the hidden field; falls back to
// "token" when the optional tokename attribute is not given.
// NOTE(review): the interceptor shown on this page reads the fixed name
// "token", so a custom tokename would not be checked by it.
String fieldName = "token";
if (tokename != null) {
    fieldName = tokename;
}

// Fresh random value for every rendering of the tag.
String tokenValue = UUID.randomUUID().toString();

// Overwrites any value previously stored under the same name, so only the
// most recently rendered form holds a valid token.
session.setAttribute(fieldName, tokenValue);
%>
<input type='hidden' name='<%=fieldName %>' value='<%=tokenValue %>'/>