1、struts配置文件,添加拦截器TokenInterceptor
<package name="business" namespace="/business" extends="default">
<interceptors>
<interceptor name="tokenInterceptor"
class="com.imchooser.infoms.action.sys.TokenInterceptor">
</interceptor>
</interceptors>
<action name="*-save" class="{1}Action" method="save">
<result name="*">/WEB-INF/view/jsp/{1}/entity.jsp</result>
<interceptor-ref name="paramsPrepareParamsStack"/>
<interceptor-ref name="tokenInterceptor"/>
<result name="tokenerror">/WEB-INF/view/jsp/{1}/entity.jsp</result>
</action>
</package>
2、拦截器TokenInterceptor
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class TokenInterceptor extends AbstractInterceptor {
public String intercept(ActionInvocation invocation) throws Exception {
HttpServletRequest request = ServletActionContext.getRequest();
if(request==null){
return Action.LOGIN;
}
HttpSession session = request.getSession();
if(session==null){
return Action.LOGIN;
}
synchronized(session){
String token = request.getParameter("struts.token");
String session_token = (String) session.getAttribute("session_token");
if (StringUtils.isBlank(token) || StringUtils.isBlank(session_token) || !token.equals(session_token)) {
session.setAttribute("session_token", token);
return invocation.invoke();//通过
}
}
return "tokenerror"; //不通过,重复提交
}
}
3、在页面form表单中加上面代码
<s:token></s:token>
