下面的代码是使用shiro做安全控制的后台管理系统的防重提交。
可根据实际情况进行修改
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
/**
* @类名称 ResubmitAop
* @类描述 定义切面,进行重复提交拦截
*/
@Aspect
@Component
public class ResubmitAop {
private static final Logger logger = LoggerFactory.getLogger(ResubmitAop.class);
@Around("execution(* com.controller..*(..)) && @annotation(resubmit)")
public Object doInterceptor(ProceedingJoinPoint pjp, Resubmit resubmit) throws Throwable {
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
Subject subject = SecurityUtils.getSubject();
PrincipalCollection principals = subject.getPrincipals();
String token = principals.toString();// 访问令牌
String path = request.getServletPath();// 访问路径
String key = PREFIX + path + ":" + token;
if (CacheUtils.exists(key)) {// 如果缓存中有这个url视为重复提交
logger.info("重复提交拦截,account:{},path:{}", JwtUtil.getAccount(token), path);
throw new Exception("");
}
CacheUtils.set(key, value, EXPIRE_TIME);
return pjp.proceed();
}
}