Domů Procházet Nápověda
Registrovat se Přihlásit se
limeng
/
xczxw
Sledovat 1
Oblíbit 0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: b549d4edb4
Větve Značky
xczxw
/
src
/
main
/
java
/
com
/
sooka
/
common
/
aop
/
FormTokenAspect.java

FormTokenAspect.java 2.6 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. package com.sooka.common.aop;
    2. 

  2. 

  3. import com.sooka.common.exception.SystemException;
    4. 

  4. import com.sooka.common.utils.StrUtil;
    5. 

  5. import org.aspectj.lang.ProceedingJoinPoint;
    6. 

  6. import org.aspectj.lang.annotation.Around;
    7. 

  7. import org.aspectj.lang.annotation.Aspect;
    8. 

  8. import org.slf4j.Logger;
    9. 

  9. import org.slf4j.LoggerFactory;
    10. 

  10. import org.springframework.stereotype.Component;
    11. 

  11. import org.springframework.web.context.request.RequestContextHolder;
    12. 

  12. import org.springframework.web.context.request.ServletRequestAttributes;
    13. 

  13. 

  14. import javax.servlet.http.HttpServletRequest;
    15. 

  15. import javax.servlet.http.HttpServletResponse;
    16. 

  16. import javax.servlet.http.HttpSession;
    17. 

  17. 

  18. @Aspect
    19. 

  19. @Component
    20. 

  20. public class FormTokenAspect {
    21. 

  21. 

  22. 	private static final String PARAM_TOKEN = "token";
    23. 

  23. 	private static final String PARAM_TOKEN_FLAG = "TokenFlag_";
    24. 

  24. 

  25. 	private static final Logger log = LoggerFactory.getLogger(FormTokenAspect.class);
    26. 

  26. 

  27. 	@Around("@annotation(com.sooka.common.annotation.FormToken)")
    28. 

  28. 	public Object execute(ProceedingJoinPoint joinPoint) throws Throwable {
    29. 

  29. 		ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    30. 

  30. 		HttpServletRequest request = attributes.getRequest();
    31. 

  31. 		HttpServletResponse response =  attributes.getResponse();
    32. 

  32. 		String className = joinPoint.getTarget().getClass().getName();
    33. 

  33. 		HttpSession session = request.getSession();
    34. 

  34. 		if ("GET".equalsIgnoreCase(request.getMethod())) {
    35. 

  35. 			log.info("生成token");
    36. 

  36. 			/* GET 生成 token */
    37. 

  37. 		 return   this.generate(joinPoint, request, session, PARAM_TOKEN_FLAG + className);
    38. 

  38. 		} else {
    39. 

  39. 			log.info("验证token");
    40. 

  40. 			/* POST 验证 token */
    41. 

  41. 		 return   this.validation(joinPoint, request,response, session, PARAM_TOKEN_FLAG + className);
    42. 

  42. 		}
    43. 

  43. 

  44. 	}
    45. 

  45. 

  46. 

  47. 	public Object generate(ProceedingJoinPoint joinPoint, HttpServletRequest request, HttpSession session,
    48. 

  48. 			String tokenFlag) throws Throwable {
    49. 

  49. 		String uuid = StrUtil.getUUID().toString();
    50. 

  50. 		String tokenInput = "<input id=\"token\"  type=\"hidden\" name=\""+PARAM_TOKEN+"\" value=\"" + uuid + "\">";
    51. 

  51. 		session.setAttribute(tokenFlag, uuid);
    52. 

  52. 		request.setAttribute(PARAM_TOKEN, tokenInput);
    53. 

  53. 		return joinPoint.proceed();
    54. 

  54. 	}
    55. 

  55. 

  56. 

  57. 	public Object validation(ProceedingJoinPoint joinPoint, HttpServletRequest request,HttpServletResponse response, HttpSession session,
    58. 

  58. 			String tokenFlag) throws Throwable {
    59. 

  59. 		Object sessionFlag = session.getAttribute(tokenFlag);
    60. 

  60. 		Object requestFlag = request.getParameter(PARAM_TOKEN);
    61. 

  61. 		if (requestFlag!=null&&sessionFlag != null && sessionFlag.equals(requestFlag)) {
    62. 

  62. 			session.removeAttribute(tokenFlag);
    63. 

  63. 		}else {
    64. 

  64. 			throw new SystemException("不能重复提交表单!");
    65. 

  65. 		}
    66. 

  66. 		return joinPoint.proceed();
    67. 

  67. 	}
    68. 

  68. 

  69. }
    70.