How SpringBoot combines Aop+Redis to prevent repeated submission of interfaces
In actual development projects, an externally exposed interface often faces many requests. Let us explain the concept of idempotence: The impact of any multiple executions is the same as the impact of one execution. According to this meaning, the final meaning is that the impact on the database can only be one-time and cannot be processed repeatedly. How to ensure its idempotence usually involves the following methods:
1. Establish a unique index in the database to ensure that only one piece of data is ultimately inserted into the database.
2. Token mechanism. Obtain a token before each interface request, and then add this token to the header body of the request the next time. Verification is performed in the background. If the verification passes, the token is deleted. Next The token is judged again for each request.
3. Pessimistic lock or optimistic lock. Pessimistic lock can ensure that other SQL cannot update data every time for update (when the database engine is innodb, the select condition must be a unique index to prevent the entire table from being locked. )
4. Query first and then judge. First, query the database to see if the data exists. If it exists, it proves that the request has been made, and the request is directly rejected. If it does not exist, it proves that it is the first time to come in, and it is directly released.
Why should we prevent repeated submission of interfaces?
For some sensitive operation interfaces, such as new data interfaces and payment interfaces, if the user improperly clicks the submit button multiple times, these interfaces will be requested multiple times, which may eventually lead to system exceptions.
How can the front end be controlled?
The front end can be controlled through js. When the user clicks the submit button,
1. Set the button to be unclickable for a number of seconds.
2. After the button is clicked, a loading prompt box will pop up to avoid clicking again until the interface request returns. After
3. Click the button to jump to a new page
However, please remember, never trust the user’s behavior, because you don’t know what weird operations the user will do, so the most important thing is It still has to be processed on the back end.
Use aop redis for interception processing
1. Create the aspect class RepeatSubmitAspect
Implementation process: After the interface request, the token request path is used as the key value to read data from redis. If the key can be found, It proves that it was submitted repeatedly, and vice versa. If it is not a repeated submission, it will be released directly, and the key will be written into redis, and set to expire within a certain period of time (I set an expiration of 5s here)
In traditional web projects, in order to prevent For repeated submissions, the usual approach is: the backend generates a unique submission token (uuid) and stores it on the server. When the page initiates a request, it carries the secondary token. The backend deletes the token after verifying the request to ensure the uniqueness of the request.
However, the appeal method requires changes to both the front and back ends. If it is in the early stage of the project, it can be achieved. However, in the later stage of the project, many functions have been implemented and it is impossible to make large-scale changes.
Ideas
1. Customize the annotation @NoRepeatSubmit to mark all requests submitted in the Controller
2. Intercept all methods marked with @NoRepeatSubmit through AOP
3. Execute the business method Before, obtain the current user's token or JSessionId current request address as a unique key to obtain the redis distributed lock. If concurrent acquisition is performed at this time, only one thread can obtain it.
4. After the business is executed, release the lock
About Redis distributed lock
Using Redis is for load balancing deployment. If it is a stand-alone project, you can use a local thread-safe Cache to replace Redis
Code
Custom annotation
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* @ClassName NoRepeatSubmit
* @Description 这里描述
* @Author admin
* @Date 2021/3/2 16:16
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface NoRepeatSubmit {
/**
* 设置请求锁定时间
*
* @return
*/
int lockTime() default 10;
}AOP
package com.hongkun.aop;
/**
* @ClassName RepeatSubmitAspect
* @Description 这里描述
* @Author admin
* @Date 2021/3/2 16:15
*/
import com.hongkun.until.ApiResult;
import com.hongkun.until.Result;
import com.hongkun.until.RedisLock;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
/**
* @author liucheng
* @since 2020/01/15
* 防止接口重复提交
*/
@Aspect
@Component
public class RepeatSubmitAspect {
private static final Logger LOGGER = LoggerFactory.getLogger(RepeatSubmitAspect.class);
@Autowired
private RedisLock redisLock;
@Pointcut("@annotation(noRepeatSubmit)")
public void pointCut(NoRepeatSubmit noRepeatSubmit) {
}
@Around("pointCut(noRepeatSubmit)")
public Object around(ProceedingJoinPoint pjp, NoRepeatSubmit noRepeatSubmit) throws Throwable {
int lockSeconds = noRepeatSubmit.lockTime();
RequestAttributes ra = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes sra = (ServletRequestAttributes) ra;
HttpServletRequest request = sra.getRequest();
Assert.notNull(request, "request can not null");
// 此处可以用token或者JSessionId
String token = request.getHeader("token");
String path = request.getServletPath();
String key = getKey(token, path);
String clientId = getClientId();
boolean isSuccess = redisLock.lock(key, clientId, lockSeconds,TimeUnit.SECONDS);
LOGGER.info("tryLock key = [{}], clientId = [{}]", key, clientId);
if (isSuccess) {
LOGGER.info("tryLock success, key = [{}], clientId = [{}]", key, clientId);
// 获取锁成功
Object result;
try {
// 执行进程
result = pjp.proceed();
} finally {
// 解锁
redisLock.unlock(key, clientId);
LOGGER.info("releaseLock success, key = [{}], clientId = [{}]", key, clientId);
}
return result;
} else {
// 获取锁失败,认为是重复提交的请求
LOGGER.info("tryLock fail, key = [{}]", key);
return ApiResult.success(200, "重复请求,请稍后再试", null);
}
}
private String getKey(String token, String path) {
return "00000"+":"+token + path;
}
private String getClientId() {
return UUID.randomUUID().toString();
}
}The above is the detailed content of How SpringBoot combines Aop+Redis to prevent repeated submission of interfaces. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1666
14
1425
52
1325
25
1272
29
1252
24
How to build the redis cluster mode
Apr 10, 2025 pm 10:15 PM
Redis cluster mode deploys Redis instances to multiple servers through sharding, improving scalability and availability. The construction steps are as follows: Create odd Redis instances with different ports; Create 3 sentinel instances, monitor Redis instances and failover; configure sentinel configuration files, add monitoring Redis instance information and failover settings; configure Redis instance configuration files, enable cluster mode and specify the cluster information file path; create nodes.conf file, containing information of each Redis instance; start the cluster, execute the create command to create a cluster and specify the number of replicas; log in to the cluster to execute the CLUSTER INFO command to verify the cluster status; make
How to clear redis data
Apr 10, 2025 pm 10:06 PM
How to clear Redis data: Use the FLUSHALL command to clear all key values. Use the FLUSHDB command to clear the key value of the currently selected database. Use SELECT to switch databases, and then use FLUSHDB to clear multiple databases. Use the DEL command to delete a specific key. Use the redis-cli tool to clear the data.
How to read redis queue
Apr 10, 2025 pm 10:12 PM
To read a queue from Redis, you need to get the queue name, read the elements using the LPOP command, and process the empty queue. The specific steps are as follows: Get the queue name: name it with the prefix of "queue:" such as "queue:my-queue". Use the LPOP command: Eject the element from the head of the queue and return its value, such as LPOP queue:my-queue. Processing empty queues: If the queue is empty, LPOP returns nil, and you can check whether the queue exists before reading the element.
How to configure Lua script execution time in centos redis
Apr 14, 2025 pm 02:12 PM
On CentOS systems, you can limit the execution time of Lua scripts by modifying Redis configuration files or using Redis commands to prevent malicious scripts from consuming too much resources. Method 1: Modify the Redis configuration file and locate the Redis configuration file: The Redis configuration file is usually located in /etc/redis/redis.conf. Edit configuration file: Open the configuration file using a text editor (such as vi or nano): sudovi/etc/redis/redis.conf Set the Lua script execution time limit: Add or modify the following lines in the configuration file to set the maximum execution time of the Lua script (unit: milliseconds)
How to use the redis command line
Apr 10, 2025 pm 10:18 PM
Use the Redis command line tool (redis-cli) to manage and operate Redis through the following steps: Connect to the server, specify the address and port. Send commands to the server using the command name and parameters. Use the HELP command to view help information for a specific command. Use the QUIT command to exit the command line tool.
How to implement redis counter
Apr 10, 2025 pm 10:21 PM
Redis counter is a mechanism that uses Redis key-value pair storage to implement counting operations, including the following steps: creating counter keys, increasing counts, decreasing counts, resetting counts, and obtaining counts. The advantages of Redis counters include fast speed, high concurrency, durability and simplicity and ease of use. It can be used in scenarios such as user access counting, real-time metric tracking, game scores and rankings, and order processing counting.
How to set the redis expiration policy
Apr 10, 2025 pm 10:03 PM
There are two types of Redis data expiration strategies: periodic deletion: periodic scan to delete the expired key, which can be set through expired-time-cap-remove-count and expired-time-cap-remove-delay parameters. Lazy Deletion: Check for deletion expired keys only when keys are read or written. They can be set through lazyfree-lazy-eviction, lazyfree-lazy-expire, lazyfree-lazy-user-del parameters.
How to optimize the performance of debian readdir
Apr 13, 2025 am 08:48 AM
In Debian systems, readdir system calls are used to read directory contents. If its performance is not good, try the following optimization strategy: Simplify the number of directory files: Split large directories into multiple small directories as much as possible, reducing the number of items processed per readdir call. Enable directory content caching: build a cache mechanism, update the cache regularly or when directory content changes, and reduce frequent calls to readdir. Memory caches (such as Memcached or Redis) or local caches (such as files or databases) can be considered. Adopt efficient data structure: If you implement directory traversal by yourself, select more efficient data structures (such as hash tables instead of linear search) to store and access directory information
