一、说明
1、从安全的角度考虑,网站系统登录后如果会话超时,再次访问页面时应退回到登录界面。
2、本文介绍如何通过过滤器(Filter)实现会话超时(如30分钟)后跳转到登录页面,分为LoginFilter.java类和web.xml配置两部分。
二、实现代码
过滤器类LoginFilter.java
package com.sale.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
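/**
 * Servlet filter that sends requests without a logged-in session to the login page.
 *
 * <p>A request counts as logged in when its HTTP session holds a {@code currentUsername}
 * attribute of type {@code String}. When the session no longer exists (for example after
 * the container's idle timeout) the attribute is gone, and the next filtered request is
 * redirected to the login URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The filter checks only the URL patterns it is mapped to in the deployment
 *       descriptor; requests outside that mapping never reach this code.</li>
 *   <li>The filter only reads the session. NOTE(review): the login action that stores
 *       {@code currentUsername} is not part of this class; it should issue a fresh session
 *       ID after successful authentication (invalidate and re-create the session, or
 *       {@code HttpServletRequest.changeSessionId()} on Servlet 3.1+) so that a
 *       pre-login session ID cannot be reused.</li>
 * </ul>
 *
 * @author Justin
 * @version created 2018-01-25 10:36:23 AM
 */
public class LoginFilter implements Filter {

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
        // Intentionally empty.
    }

    /**
     * Lets the login and initialization URLs through unconditionally and requires a
     * logged-in session for every other request that reaches this filter.
     *
     * @param req   the incoming request; cast to {@link HttpServletRequest}
     * @param res   the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain, invoked only for allowed requests
     * @throws IOException      if the redirect or the rest of the chain fails on I/O
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest) req;
        HttpServletResponse httpRes = (HttpServletResponse) res;

        // getRequestURI() is the raw URI: it is not URL-decoded or normalized and still
        // carries path parameters such as ";jsessionid=...". The exemption below is an
        // exact string match on purpose: any variant spelling of the login URL is treated
        // as a protected URL (fails closed). Do not loosen this to prefix/contains
        // matching or strip ";..." by hand; that is a common source of filter bypasses.
        String path = httpReq.getRequestURI();
        String loginUrl = httpReq.getContextPath() + "/loginout.action";     // login page
        String initUrl = httpReq.getContextPath() + "/tevo_loginInit.action"; // init page

        // 1. The login page and the initialization page are never filtered.
        if (loginUrl.equals(path) || initUrl.equals(path)) {
            chain.doFilter(req, res);
            return;
        }

        // 2. Every other request needs a session that carries the current user name.
        // getSession(false) avoids allocating a brand-new session for each anonymous or
        // timed-out request; a missing session simply means "not logged in".
        HttpSession httpSession = httpReq.getSession(false);
        Object userName = (httpSession == null)
                ? null
                : httpSession.getAttribute("currentUsername");

        // Anything other than a String user name is treated as "not logged in" instead of
        // failing with a ClassCastException.
        if (!(userName instanceof String)) {
            httpRes.sendRedirect(loginUrl);
            return;
        }

        chain.doFilter(req, res);
    }

    /**
     * This filter takes no configuration.
     *
     * @param arg0 the filter configuration supplied by the container; unused
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // Intentionally empty.
    }
}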
web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<!-- Register LoginFilter, which redirects requests without a logged-in session to the login page. -->
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>com.sale.filter.LoginFilter</filter-class>
</filter>
<!-- Only URLs ending in .action pass through the filter. JSPs, static files and any other
     mapping are not checked by it; confirm that none of them serve protected content. -->
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<!-- Idle session timeout, in minutes. After 30 minutes without a request the container
     invalidates the session, and the next filtered request is redirected to the login page. -->
<!-- NOTE(review): consider adding, inside <session-config>, a <cookie-config> with
     <http-only>true</http-only> and (for HTTPS deployments) <secure>true</secure>, plus
     <tracking-mode>COOKIE</tracking-mode>, so the session ID is not readable by page
     scripts and is not carried in URLs. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>