1、在Spring配置文件中配置对应的拦截器,下面是我的拦截器配置
<!-- 拦截器配置 -->
<mvc:interceptors>
<!-- session超时 -->
<mvc:interceptor>
<mvc:mapping path="/*/*" />
<bean class="tm.change.www.interceptor.SessionTimeoutInterceptor">
<property name="allowUrls">
<list>
<!-- 如果请求中包含以下路径,则不进行拦截 -->
<value>/login</value>
<value>/js</value>
<value>/css</value>
<value>/image</value>
<value>/images</value>
</list>
</property>
</bean>
</mvc:interceptor>
</mvc:interceptors>
2、写出对应的sessionTimeoutInterceptor类
/**
* session拦截器
*
* @author tianyong
*
*/
public class SessionTimeoutInterceptor implements HandlerInterceptor {
public String[] allowUrls;// 还没发现可以直接配置不拦截的资源,所以在代码里面来排除
public void setAllowUrls(String[] allowUrls) {
this.allowUrls = allowUrls;
}
@Override
public void afterCompletion(HttpServletRequest arg0,
HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
// TODO Auto-generated method stub
}
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object arg2) throws Exception {
String requestUrl = request.getRequestURI().replace(request.getContextPath(), "");
// System.out.println(requestUrl);
if (null != allowUrls && allowUrls.length >= 1)
for (String url : allowUrls) {
if (requestUrl.contains(url)) {
return true;
}
}
User user = (User) request.getSession().getAttribute("user");
if (user != null) {
return true; // 返回true,则这个方面调用后会接着调用postHandle(), afterCompletion()
} else {
// 未登录 跳转到登录页面
throw new SessionTimeoutException();// 返回到配置文件中定义的路径
}
}
}
3、因为未登录的时候我们抛出了一个错误,我们可以在配置文件中拦截这个错误,已完成session销毁跳转
<!-- 自定义异常处理,SimpleMappingExceptionResolver这个类可以是个空类,但是要写,方便在java代码里面使用 -->
<bean id="exceptionResolver"
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="exceptionMappings">
<props>
<prop key="tm.change.www.interceptor.SessionTimeoutException">redirect:../index.jsp</prop>
</props>
</property>
</bean>
而SessionTimeoutException只有一个类的壳子就行,继承exception,主要作用是出错之后跳转到index页面
4、此方法在iframe中登录页面将会在子窗口中打开,这是一个问题,还没有解决
5、另一种方法如下
/**
* spring拦截器
* @author tianyong
*
*/
public class SecurityInterceptor implements HandlerInterceptor{
public String[] allowUrls;// 还没发现可以直接配置不拦截的资源,所以在代码里面来排除
public void setAllowUrls(String[] allowUrls) {
this.allowUrls = allowUrls;
}
@Override
public void afterCompletion(HttpServletRequest arg0,
HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
// TODO Auto-generated method stub
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
Object arg2, ModelAndView arg3) throws Exception {
// TODO Auto-generated method stub
}
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object arg2) throws Exception {
String requestUrl = request.getRequestURI().replace(request.getContextPath(), "");
response.setContentType("text/html; charset=utf-8");
HttpSession session = request.getSession(true);
// System.out.println(requestUrl);
if (null != allowUrls && allowUrls.length >= 1)
for (String url : allowUrls) {
if (requestUrl.contains(url)) {
return true;
}
}
Object obj = session.getAttribute(SystemConstants.SEESION_IUSER);
if (obj == null || "".equals(obj.toString())) {
// throw new SessionTimeoutException();// 返回到配置文件中定义的路径
// response.sendRedirect(SystemConstants.LOGIN_URL);
PrintWriter out = response.getWriter();
StringBuilder builder = new StringBuilder();
builder.append("<script type=\"text/javascript\" charset=\"UTF-8\">");
builder.append("alert(\"页面过期,请重新登录\");");
builder.append("window.top.location.href=\""+SystemConstants.LOGIN_URL+"\"");
builder.append("</script>");
out.print(builder.toString());
out.close();
}
return true; // 返回true,则这个方面调用后会接着调用postHandle(), afterCompletion()
}
以上解决了iframe中登录页面出现位置错误问题,当session超时时候用js强制跳转到登录页面中