“泻水置平地,各自东西南北流”
序
项目中经常会用到登录超时的功能:比如登录之后,20分钟或者半个小时没有任何操作,再刷新页面就会提示重新登录。
实现
- 在web.xml中添加过滤器:
<!-- Registers the session/permission filter. DelegatingFilterProxy forwards each request to the Spring bean
     whose id equals the filter-name below, so the two names must stay identical. -->
<filter>
<filter-name>permissionChecksFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<!-- true: the proxy also invokes init() and destroy() on the target bean -->
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Only requests matching *.jsp or /controller/* pass through the filter. Any other URL the application
     serves is NOT covered by the login/permission check and needs its own protection. -->
<filter-mapping>
<filter-name>permissionChecksFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>permissionChecksFilter</filter-name>
<url-pattern>/controller/*</url-pattern>
</filter-mapping>
- 注册过滤器:
<!-- Session check filter. The bean id must match the filter-name declared for DelegatingFilterProxy in web.xml.
     No scope is given, so Spring creates a single instance that serves all requests. -->
<bean id="permissionChecksFilter" class="cn.arunner.web.filter.PermissionChecksFilter">
<!-- cacheUtil supplies the system parameters (URL lists, login page, no-permission page) read in doFilter -->
<property name="cacheUtil" ref="cacheUtil"></property>
</bean>
- 编写过滤器代码
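/**
 * Checks the session for a logged-in user before a mapped request is served.
 *
 * <p>Requests for the context root, or for a URL matched by {@code exclude_filter_check_urls},
 * are passed on unchecked. For any other request: when the session holds no current-user object,
 * a "login timed out" page is written that sends the browser to the login page after 5 seconds;
 * otherwise, unless the URL is one of {@code main_page_urls}, the per-user menu map decides
 * whether the request is redirected to the no-permission page or passed down the chain.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      if writing the response fails or the chain throws it
 * @throws ServletException if the chain throws it
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // The URL lists are re-read from the system parameters on every request. The checks below use
    // locals, because a filter instance normally serves concurrent requests and the fields could be
    // overwritten by another thread mid-request. The fields are still assigned so that any other
    // code reading them keeps seeing the current values.
    String[] mainUrls = ((String) this.cacheUtil.getSysParamVal("main_page_urls", String.class, "")).split(";");
    String[] excludeUrls = ((String) this.cacheUtil.getSysParamVal("exclude_filter_check_urls", String.class, "")).split(";");
    String loginUrl = (String) this.cacheUtil.getSysParamVal("login_page_url", String.class, "login.jsp");
    String noPermissionUrl = (String) this.cacheUtil.getSysParamVal("no_permission_page_url", String.class, "error/nopermission.html");
    this.mainPageUrls = mainUrls;
    this.excludeFilterUrls = excludeUrls;
    this.loginPageUrl = loginUrl;
    this.noPermissionPageUrl = noPermissionUrl;

    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    // Set for every request that reaches the filter, including those passed down the chain.
    response.setContentType("text/html");
    response.setCharacterEncoding("UTF-8");

    // NOTE(review): getSession(true) creates a session for every anonymous request as well.
    // Confirm that the login code replaces this pre-login session with a new one, so that a
    // session id issued before authentication is never the one that ends up authenticated.
    HttpSession session = req.getSession(true);

    // NOTE(review): getRequestURI() is the path as the client sent it (not URL-decoded, may carry
    // ";name=value" path parameters). checkUrl is not shown here; confirm that it and the menu
    // lookup below compare against a normalised path, so that a different spelling of a
    // protected URL cannot pass as an unknown one.
    String path = req.getRequestURI();
    String projectname = req.getContextPath();

    // Context root and explicitly excluded URLs are not checked at all.
    if (path.equals(projectname + "/") || this.checkUrl(projectname, path, excludeUrls)) {
        chain.doFilter(request, response);
        return;
    }

    // The current-user object is put into the session at login; it is absent once the session
    // has expired, or when the user never logged in.
    Object userObj = session.getAttribute("http_session_atribute_current_user_info");
    if (userObj == null) {
        // The login target is built only from the context path and a system parameter.
        String loginTarget = projectname + "/" + loginUrl.split(";")[0];
        PrintWriter out = res.getWriter();
        out.write("<div style='margin-right: auto;margin-left: auto;width: 640px;margin-top: 100px;' align=\"center\"><div style='padding-top: 10px;padding-right: 14px;padding-bottom: 10px;padding-left: 14px;border: 1px solid #CCCCCC;'><div style='background-color: #F5F5F5;padding-top: 18px;padding-right: 40px;padding-bottom: 18px;padding-left: 40px;font-family: Tahoma;'><h1 style='font-size: 24px;font-weight: bolder;margin-bottom: 5px;text-align: center;padding-bottom: 10px;'>登录超时,5秒后将自动跳转<a target='_parent' href='"
                + loginTarget
                + "' style='color:orange' onmouseleave='this.style.color=\"orange\"' onmouseover='this.style.color=\"red\"'>登录页面</a></h1></div></div></div><script>setTimeout('parent.location=\""
                + loginTarget
                + "\"',5000)</script>");
        // The request is deliberately not passed down the chain.
        return;
    }

    // Main pages are open to every logged-in user; all other pages go through the menu map.
    if (!this.checkUrl(projectname, path, mainUrls)) {
        Map<?, ?> menus = (Map<?, ?>) session.getAttribute("http_session_atribute_all_menu_info");
        // Path relative to the context root, without the leading slash. The length guard avoids
        // a StringIndexOutOfBoundsException when the URI is no longer than the context path.
        String tempPath = path.length() > projectname.length() ? path.substring(projectname.length() + 1) : "";

        // A logged-in session without a menu map is inconsistent: deny instead of failing with a
        // NullPointerException.
        // NOTE(review): only paths that are keys of the map with a null value are rejected; a path
        // that is not a key at all is passed on. Presumably the map lists every protected path.
        // Verify that, otherwise unlisted URLs are reachable by any logged-in user.
        boolean denied = menus == null
                || (menus.containsKey(tempPath) && menus.get(tempPath) == null);
        if (denied) {
            PrintWriter out = res.getWriter();
            int noPermissionGoType = (Integer) this.cacheUtil.getSysParamVal("no_permission_go_type", Integer.class, 0);
            // 0: navigate the parent frame; any other value: navigate the current frame only.
            if (noPermissionGoType == 0) {
                out.print("<script>parent.location='" + projectname + "/" + noPermissionUrl + "';</script>");
            } else {
                out.print("<script>location='" + projectname + "/" + noPermissionUrl + "';</script>");
            }
            return;
        }
    }
    chain.doFilter(request, response);
}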
- 把用户信息存入session(用户登录时执行)
// Fill the CurrentUserBean taken from `map` with the details of this login, then publish it and the
// user's menu map in the HTTP session, under the two attribute names the filter reads.
CurrentUserBean sysUser = (CurrentUserBean) map.get("currentSysUser");
sysUser.setLogintime(new Date());
sysUser.setIndex(index);
// NOTE(review): the id of the session already in use is recorded as-is, and this fragment does not
// show a new session being issued at login. Confirm the surrounding code invalidates the pre-login
// session and creates a fresh one, so the id that existed before authentication is not carried over.
sysUser.setSessionid(session.getId());
sysUser.setServername(request.getLocalAddr() + ":"
+ request.getLocalPort());
sysUser.setExplorer(CommonUtils.getClientExplorerType(request));
// getRemoteAddr() is the address of the directly connected peer; behind a reverse proxy that is
// the proxy's address, not the user's. TODO confirm against the deployment.
sysUser.setLoginip(request.getRemoteAddr());
session.removeAttribute("http_session_atribute_current_user_info");
// Store the current user's information. The session timeout can also be set here with
// session.setMaxInactiveInterval(30*60) (in seconds: the session is invalidated after 30 minutes
// without activity); when it is not set, the default is half an hour.
session.setAttribute("http_session_atribute_current_user_info",
sysUser);
// Store the current user's permission (menu) information.
session.setAttribute("http_session_atribute_all_menu_info",
buildAllMenu((List) map.get("allMenuList")));
- 设置session过期时间的三种方式:
- 在Tomcat中设置:
在tomcat-7.0\conf\web.xml中设置,以下是tomcat7.0中默认配置:
<!-- Container-wide default from Tomcat's conf/web.xml: idle sessions expire after 30 minutes -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
- 在工程的web.xml中设置(单位是分钟)
<!-- Per-application setting in the project's own web.xml; the value is in minutes -->
<session-config>
<session-timeout>15</session-timeout>
</session-config>
- 在Java中设置
session.setMaxInactiveInterval(30*60);// in seconds: the session is invalidated after 30 minutes without activity