项目中权限系统使用的是Spring Security2.0,由于对session过期没有过多的支持(Spring Security3.0支持session超时的配置设置),所以只能自己实现。简单的说,也就是通过过滤器拦截请求,判断session是否过期,如果过期跳转登陆界面,否则放行。具体实现如下:
1、web.xml中添加过滤器配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
<!-- SessionTimeout filter -->
<filter>
<filter-name>sessionTimeoutFilter</filter-name>
<filter-
class
>com.ufida.icc.admin.interceptor.SessionTimeoutFilter</filter-
class
>
</filter>
<!-- SpringSecurity filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-
class
>org.springframework.web.filter.DelegatingFilterProxy</filter-
class
>
</filter>
<filter-mapping>
<filter-name>sessionTimeoutFilter</filter-name>
<url-pattern>/admin/work/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
|
2、新建SessionTimeoutFilter类,实现Filter接口。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
package
com.ufida.icc.admin.interceptor;
import
java.io.IOException;
import
java.io.PrintWriter;
import
javax.servlet.Filter;
import
javax.servlet.FilterChain;
import
javax.servlet.FilterConfig;
import
javax.servlet.ServletException;
import
javax.servlet.ServletRequest;
import
javax.servlet.ServletResponse;
import
javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpServletResponse;
import
javax.servlet.http.HttpSession;
public
class
SessionTimeoutFilter
implements
Filter {
public
void
destroy() {
// TODO Auto-generated method stub
}
public
void
doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws
IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpSession session = httpRequest.getSession();
// 登陆url
String loginUrl = httpRequest.getContextPath() +
"/admin/login.jsp"
;
String url = httpRequest.getRequestURI();
String path = url.substring(url.lastIndexOf(
"/"
));
// 超时处理,ajax请求超时设置超时状态,页面请求超时则返回提示并重定向
if
(path.indexOf(
".action"
) != -
1
&& session.getAttribute(
"LOGIN_SUCCESS"
) ==
null
) {
// 判断是否为ajax请求
if
(httpRequest.getHeader(
"x-requested-with"
) !=
null
&& httpRequest.getHeader(
"x-requested-with"
)
.equalsIgnoreCase(
"XMLHttpRequest"
)) {
httpResponse.addHeader(
"sessionstatus"
,
"timeOut"
);
httpResponse.addHeader(
"loginPath"
, loginUrl);
chain.doFilter(request, response);
// 不可少,否则请求会出错
}
else
{
String str =
"<script language='javascript'>alert('会话过期,请重新登录');"
+
"window.top.location.href='"
+ loginUrl
+
"';</script>"
;
response.setContentType(
"text/html;charset=UTF-8"
);
// 解决中文乱码
try
{
PrintWriter writer = response.getWriter();
writer.write(str);
writer.flush();
writer.close();
}
catch
(Exception e) {
e.printStackTrace();
}
}
}
else
{
chain.doFilter(request, response);
}
}
@Override
public
void
init(FilterConfig arg0)
throws
ServletException {
// TODO Auto-generated method stub
}
}
|
3、客户端JS,用于ajax请求session超时
1
2
3
4
5
6
7
8
9
10
11
12
|
<script type=
"text/javascript"
>
$(document).ajaxComplete(function(event, xhr, settings) {
if
(xhr.getResponseHeader(
"sessionstatus"
)==
"timeOut"
){
if
(xhr.getResponseHeader(
"loginPath"
)){
alert(
"会话过期,请重新登陆!"
);
window.location.replace(xhr.getResponseHeader(
"loginPath"
));
}
else
{
alert(
"请求超时请重新登陆 !"
);
}
}
});
</script>
|