简单的超时登录验证功能

“泻水置平地，各自东西南北流”

序

项目中经常会用到超时登录的功能，比如说，登录上去之后，20分钟或者半个小时没有操作的话，再刷新就会提示重新登录；

实现

1. 在web.xml中添加过滤器：

	<filter>
		<filter-name>permissionChecksFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>permissionChecksFilter</filter-name>
		<url-pattern>*.jsp</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>permissionChecksFilter</filter-name>
		<url-pattern>/controller/*</url-pattern>
	</filter-mapping>

2. 注册过滤器：

<!-- Session检查Filter -->
	<bean id="permissionChecksFilter" class="cn.arunner.web.filter.PermissionChecksFilter">
		<property name="cacheUtil" ref="cacheUtil"></property>
	</bean>

3. 编写过滤器代码

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    	//获取主页面地址
        this.mainPageUrls = ((String)this.cacheUtil.getSysParamVal("main_page_urls", String.class, "")).split(";");
        //获取校验排除的地址
        this.excludeFilterUrls = ((String)this.cacheUtil.getSysParamVal("exclude_filter_check_urls", String.class, "")).split(";");
        //获取登录页面的地址
        this.loginPageUrl = (String)this.cacheUtil.getSysParamVal("login_page_url", String.class, "login.jsp");
        //获取没权限页面地址
        this.noPermissionPageUrl = (String)this.cacheUtil.getSysParamVal("no_permission_page_url", String.class, "error/nopermission.html");
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse res = (HttpServletResponse)response;
        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        HttpSession session = req.getSession(true);
        String path = req.getRequestURI();
        String projectname = req.getContextPath();
        //从session中虎丘当前用户信息，该用户信息在用户登录时存入，下面介绍
        Object userObj = session.getAttribute("http_session_atribute_current_user_info");
        if (!path.equals(projectname + "/") && !this.checkUrl(projectname, path, this.excludeFilterUrls)) {
        //如果从session中获取的对象为空，则提示登录超时
            if (userObj == null) {
                PrintWriter out = res.getWriter();
                out.write("<div style='margin-right: auto;margin-left: auto;width: 640px;margin-top: 100px;' align=\"center\"><div style='padding-top: 10px;padding-right: 14px;padding-bottom: 10px;padding-left: 14px;border: 1px solid #CCCCCC;'><div style='background-color: #F5F5F5;padding-top: 18px;padding-right: 40px;padding-bottom: 18px;padding-left: 40px;font-family: Tahoma;'><h1 style='font-size: 24px;font-weight: bolder;margin-bottom: 5px;text-align: center;padding-bottom: 10px;'>登录超时，5秒后将自动跳转<a target='_parent' href='" + projectname + "/" + this.loginPageUrl.split(";")[0] + "' style='color:orange'  onmouseleave='this.style.color=\"orange\"' onmouseover='this.style.color=\"red\"'>登录页面</a></h1></div></div></div><script>setTimeout('parent.location=\"" + projectname + "/" + this.loginPageUrl.split(";")[0] + "\"',5000)</script>");
            } else {
            	//判断当前用户是否用权限查看当前页面，如果没有，则提示无权限
                if (!this.checkUrl(projectname, path, this.mainPageUrls)) {
                //获取用户拥有的菜单信息
                    Map menus = (Map)session.getAttribute("http_session_atribute_all_menu_info");
                    String tempPath = path.substring(projectname.length() + 1);
                    if (menus.containsKey(tempPath) && menus.get(tempPath) == null) {
                        PrintWriter out = res.getWriter();
                        int noPermissionGoType = (Integer)this.cacheUtil.getSysParamVal("no_permission_go_type", Integer.class, 0);
                        if (noPermissionGoType == 0) {
                            out.print("<script>parent.location='" + projectname + "/" + this.noPermissionPageUrl + "';</script>");
                        } else {
                            out.print("<script>location='" + projectname + "/" + this.noPermissionPageUrl + "';</script>");
                        }

                        return;
                    }
                }

                chain.doFilter(request, response);
            }
        } else {
            chain.doFilter(request, response);
        }
    }

4. 把用户信息存入缓存

			CurrentUserBean sysUser = (CurrentUserBean) map.get("currentSysUser");

			sysUser.setLogintime(new Date());
			sysUser.setIndex(index);
			sysUser.setSessionid(session.getId());
			sysUser.setServername(request.getLocalAddr() + ":"
					+ request.getLocalPort());
			sysUser.setExplorer(CommonUtils.getClientExplorerType(request));
			sysUser.setLoginip(request.getRemoteAddr());

			session.removeAttribute("http_session_atribute_current_user_info");
			//设置当前用户信息（这里也可以设置缓存的过期时间，不设置默认就是半个小时：session.setMaxInactiveInterval(30*60);//以秒为单位，即在没有活动30分钟后，session将失效）
			session.setAttribute("http_session_atribute_current_user_info",
					sysUser);
		//设置当前用户的权限信息
			session.setAttribute("http_session_atribute_all_menu_info",
					buildAllMenu((List) map.get("allMenuList")));

5. 设置缓存过期时间的三种方式：

• 在Tomcat中设置：
  在tomcat-7.0\conf\web.xml中设置，以下是tomcat7.0中默认配置：

<session-config>
<session-timeout>30</session-timeout>
</session-config>

• 在工程的web.xml中设置（单位是分钟）

<session-config>
<session-timeout>15</session-timeout>
</session-config>

• 在Java中设置

session.setMaxInactiveInterval(30*60);//以秒为单位，即在没有活动30分钟后，session将失效