问题背景与核心挑战
核心代码实现@Controllerpublic class TokenController { /** * 生成并返回表单Token */ @GetMapping("/form/token") @ResponseBody public ResponseResult generateFormToken(HttpServletRequest request) { String token = UUID.randomUUID().toString(); // 将token存入session request.getSession().setAttribute("FORM_TOKEN", token); return ResponseResult.success(token); } /** * 验证Token有效性 */ private boolean validateToken(HttpServletRequest request) { String clientToken = request.getParameter("token"); if (StringUtils.isEmpty(clientToken)) { return false; } HttpSession session = request.getSession(); String serverToken = (String) session.getAttribute("FORM_TOKEN"); if (StringUtils.isEmpty(serverToken) || !serverToken.equals(clientToken)) { return false; } // 验证成功后立即删除token,防止重复使用 session.removeAttribute("FORM_TOKEN"); return true; } /** * 表单提交处理 */ @PostMapping("/form/submit") @ResponseBody public ResponseResult submitForm(@RequestBody FormData formData, HttpServletRequest request) { // Token验证 if (!validateToken(request)) { return ResponseResult.error("请勿重复提交"); } // 业务逻辑处理 return businessService.processForm(formData); }}方案二:AOP + Redis分布式方案系统架构图
核心代码实现/** * 防重复提交注解 */@Target(ElementType.METHOD)@Retention(RetentionPolicy.RUNTIME)public @interface PreventDuplicate { /** * 锁定的键名表达式(支持SpEL) */ String key() default ""; /** * 锁定时间(秒) */ int lockTime() default 5; /** * 错误消息 */ String message() default "请勿重复提交";}/** * AOP切面处理 */@Aspect@Component@Slf4jpublic class PreventDuplicateAspect { @Autowired private RedisTemplate<String, Object> redisTemplate; /** * 环绕通知处理 */ @Around("@annotation(preventDuplicate)") public Object around(ProceedingJoinPoint joinPoint, PreventDuplicate preventDuplicate) throws Throwable { // 构建Redis键 String redisKey = buildRedisKey(joinPoint, preventDuplicate); int lockTime = preventDuplicate.lockTime(); // 尝试获取分布式锁 boolean lockAcquired = acquireLock(redisKey, lockTime); if (!lockAcquired) { String errorMessage = preventDuplicate.message(); log.warn("重复提交被拦截,键名: {}", redisKey); throw new BusinessException(errorMessage); } try { // 执行原方法 return joinPoint.proceed(); } finally { // 根据业务需求决定是否立即释放锁 // 通常让锁自动过期即可,避免并发问题 } } /** * 获取分布式锁 */ private boolean acquireLock(String key, int expireSeconds) { String script = "if redis.call('set', KEYS[1], ARGV[1], 'EX', ARGV[2], 'NX') then " + " return 1 " + "else " + " return 0 " + "end"; String requestId = UUID.randomUUID().toString(); Long result = redisTemplate.execute( new DefaultRedisScript<>(script, Long.class), Collections.singletonList(key), requestId, String.valueOf(expireSeconds) ); return result != null && result == 1; } /** * 构建Redis键 */ private String buildRedisKey(ProceedingJoinPoint joinPoint, PreventDuplicate preventDuplicate) { Method method = ((MethodSignature) joinPoint.getSignature()).getMethod(); HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()) .getRequest(); // 获取用户ID(从token或session) String userId = getCurrentUserId(request); // 构建唯一标识 String methodName = method.getName(); String className = method.getDeclaringClass().getSimpleName(); String paramsHash = DigestUtils.md5Hex(Arrays.toString(joinPoint.getArgs())); return String.format("lock:submit:%s:%s:%s:%s", userId, className, methodName, paramsHash); }}/** * 业务层使用示例 */@Servicepublic class OrderService { @PreventDuplicate(key = "'order:submit:' + #order.userId", lockTime = 10, message = "订单提交过于频繁,请稍后再试") public OrderResult submitOrder(OrderDTO order) { // 订单业务逻辑 return processOrder(order); }}方案三:数据库唯一约束数据库表设计CREATE TABLE order_submission ( id BIGINT AUTO_INCREMENT PRIMARY KEY, submission_id VARCHAR(64) NOT NULL UNIQUE COMMENT '提交唯一标识', user_id BIGINT NOT NULL COMMENT '用户ID', order_data JSON NOT NULL COMMENT '订单数据', status TINYINT NOT NULL DEFAULT 0 COMMENT '状态', create_time DATETIME DEFAULT CURRENT_TIMESTAMP, update_time DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, INDEX idx_user_submission (user_id, submission_id)) COMMENT '订单提交防重表';CREATE TABLE unique_submission_token ( id BIGINT AUTO_INCREMENT PRIMARY KEY, token VARCHAR(128) NOT NULL UNIQUE COMMENT '唯一令牌', business_type VARCHAR(32) NOT NULL COMMENT '业务类型', user_id BIGINT NOT NULL COMMENT '用户ID', created_at DATETIME DEFAULT CURRENT_TIMESTAMP, INDEX idx_token_business (token, business_type)) COMMENT '唯一提交令牌表';业务层实现@Repositorypublic class OrderSubmissionRepository { /** * 通过唯一约束防止重复提交 */ @Transactional public boolean checkAndSaveSubmission(String submissionId, Long userId, OrderDTO order) { try { // 尝试插入唯一记录 OrderSubmission submission = new OrderSubmission(); submission.setSubmissionId(submissionId); submission.setUserId(userId); submission.setOrderData(JsonUtils.toJson(order)); submission.setStatus(0); orderSubmissionMapper.insert(submission); return true; } catch (DuplicateKeyException e) { // 捕获唯一约束违反异常 log.warn("重复提交被拦截: submissionId={}, userId={}", submissionId, userId); return false; } }}@Service@Slf4jpublic class OrderService { @Autowired private OrderSubmissionRepository submissionRepository; public OrderResult submitOrderWithUniqueCheck(OrderDTO order) { String submissionId = generateSubmissionId(order); if (!submissionRepository.checkAndSaveSubmission(submissionId, order.getUserId(), order)) { throw new BusinessException("请勿重复提交订单"); } // 处理订单业务逻辑 return processOrder(order); } private String generateSubmissionId(OrderDTO order) { return DigestUtils.md5Hex( order.getUserId() + ":" + order.getProductId() + ":" + System.currentTimeMillis() / 1000 / 30 // 30秒时间窗口 ); }}方案对比与选型指南技术方案对比表
高级优化与最佳实践1. 分布式锁优化/** * 红锁RedLock实现(高可用场景) */@Component@Slf4jpublic class RedLockDuplicatePreventer { @Autowired private RedissonClient redissonClient; public <T> T executeWithLock(String lockKey, int lockTime, Supplier<T> supplier) { RLock lock = redissonClient.getLock(lockKey); try { // 尝试获取锁,最多等待2秒,锁定lockTime秒后自动释放 boolean locked = lock.tryLock(2, lockTime, TimeUnit.SECONDS); if (!locked) { throw new BusinessException("操作过于频繁,请稍后再试"); } // 执行业务逻辑 return supplier.get(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); throw new BusinessException("操作被中断"); } finally { if (lock.isHeldByCurrentThread()) { lock.unlock(); } } }}2. 监控与日志记录/** * 防重复提交监控组件 */@Componentpublic class DuplicateSubmitMonitor { private static final MeterRegistry meterRegistry = new SimpleMeterRegistry(); /** * 记录防重拦截统计 */ public void recordIntercept(String module, String userId, String reason) { // 指标统计 Counter.builder("duplicate.submit.intercept") .tag("module", module) .tag("reason", reason) .register(meterRegistry) .increment(); // 日志记录 log.warn("防重复提交拦截: module={}, userId={}, reason={}", module, userId, reason); } /** * 获取拦截统计 */ public Map<String, Double> getInterceptStats() { return meterRegistry.getMeters().stream() .filter(m -> m.getId().getName().equals("duplicate.submit.intercept")) .collect(Collectors.toMap( m -> m.getId().getTag("module"), m -> ((Counter) m).count() )); }}总结
在现代Web应用中,重复提交是常见但危害巨大的问题。用户因网络延迟、页面无反馈或误操作导致的连续提交,可能引发数据不一致、业务逻辑错误等严重后果。本文将系统介绍六种实用的防重复提交方案,涵盖从基础前端防护到分布式后端架构的全场景解决方案。
前端防护方案(用户体验层)1. 按钮状态控制// 提交按钮禁用方案function handleSubmit() { const submitBtn = document.getElementById('submitBtn'); // 检查是否已禁用,防止重复执行 if (submitBtn.disabled) return false; // 禁用按钮并更新状态 submitBtn.disabled = true; submitBtn.textContent = '提交中...'; try { // 执行提交逻辑 await fetch('/api/submit', { method: 'POST', body: JSON.stringify(formData) }); // 成功处理 showSuccessMessage('提交成功'); } catch (error) { // 错误处理 showErrorMessage('提交失败'); } finally { // 恢复按钮状态 submitBtn.disabled = false; submitBtn.textContent = '提交'; }}2. 请求防抖机制// 防抖函数实现function debounce(func, wait, immediate) { let timeout; return function executedFunction(...args) { const later = () => { timeout = null; if (!immediate) func.apply(this, args); }; const callNow = immediate && !timeout; clearTimeout(timeout); timeout = setTimeout(later, wait); if (callNow) func.apply(this, args); };}// 应用防抖到提交函数const debouncedSubmit = debounce(handleSubmit, 1000);document.getElementById('submitBtn').addEventListener('click', debouncedSubmit);后端核心防护方案方案一:Token机制(Session基础版)架构流程图方案类型
适用场景
优点
缺点
推荐指数
前端按钮控制
所有表单场景
实现简单,用户体验好
可被绕过,安全性低
⭐⭐
Token机制
单体应用,表单提交
安全性好,防CSRF
分布式环境需Session共享
⭐⭐⭐
AOP+Redis
分布式系统,高并发
无侵入,支持集群
依赖Redis,复杂度较高
⭐⭐⭐⭐⭐
数据库约束
数据一致性要求高
绝对可靠,简单直接
增加数据库压力
⭐⭐⭐⭐
请求指纹
API接口防护
灵活性强,精度高
计算开销较大
⭐⭐⭐
选型决策流程图防重复提交是保障系统数据一致性的重要措施。在实际项目中,建议根据具体场景选择合适的方案:
基础场景:前端防抖 + 按钮禁用单体应用:Token机制 + Session管理分布式系统:AOP + Redis分布式锁高一致性要求:数据库唯一约束通过组合使用多种方案,可以构建全方位的防重复提交防护体系,确保系统的稳定性和数据的一致性。
转载请注明来自海坡下载,本文标题:《应用程序提交的常见问题有哪些(从基础按钮禁用到分布式AOP)》
京公网安备11000000000001号
京ICP备11000001号
还没有评论,来说两句吧...