咳咳咳 言归正传。来讲讲session超时判断的问题。
一开始我的实现方式是实现HttpSessionBindingListener:
public interface HttpSessionBindingListener extends EventListener {
/**
*
* Notifies the object that it is being bound to
* a session and identifies the session.
*
* @param event the event that identifies the
* session
*
* @see #valueUnbound
*
*/
public void valueBound(HttpSessionBindingEvent event);
/**
*
* Notifies the object that it is being unbound
* from a session and identifies the session.
*
* @param event the event that identifies
* the session
*
* @see #valueBound
*
*/
public void valueUnbound(HttpSessionBindingEvent event);
}
实现该接口后,session超时会调用valueUnbound方法。在方法中设置静态常量boolean值通过AUTH注解的AOP判断该常量的值从而判断session是否失效。然后领导来了一句,如果多用户登陆呢???咳咳 懵逼了。所以方法pass。换个方法
- 用request获取session判断是否为空
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
if (request.getSession(false) == null) {
if (request.getSession(true).isNew()) {
} else {
System.out.println("Session 超时");
throw new Exception("Session time out.");
}
}
可行。结束!代码块放在了auth权限校验的注解AOP中。