本文介绍了一个使用Spring MVC实现的拦截器案例,该拦截器用于处理用户登录验证及Session超时的情况。通过配置特定的URL映射规则,实现了对指定路径的访问控制,并对Session超时进行了有效管理。
拦截器:
<!-- 拦截器集合 -->
<mvc:interceptors>
<!-- mvc 登陆鉴权拦截器 -->
<mvc:interceptor>
<!-- 需要拦截的URL -->
<mvc:mapping path="/*/**" />
<bean class="com.suning.rca.common.interceptor.AuthLoginInterceptor">
<!-- 登陆页面 -->
<property name="loginUrl" value="/index.html" />
<!--放行URL配置 -->
<property name="excludeList">
<list>
<value>/login.do</value>
<value>/generateQrCode.do</value>
<value>/doLogin.do</value>
<value>/checkDeviceLogin.do</value>
<value>/index.do</value>
<value>/error.do</value>
<value>/checkPosBindState.do</value>
<value>/logout.do</value>
</list>
</property>
</bean>
</mvc:interceptor>
<!-- session超时 -->
<mvc:interceptor>
<mvc:mapping path="/*/**" />
<bean class="com.suning.sdipospc.interceptor.SessionTimeoutInterceptor">
<property name="allowUrls">
<list>
<!-- 如果请求中包含以下路径,则不进行拦截 -->
<value>/login.do</value>
<value>/generateQrCode.do</value>
<value>/doLogin.do</value>
<value>/checkDeviceLogin.do</value>
<value>/error.do</value>
<value>/checkPosBindState.do</value>
<value>/logout.do</value>
</list>
</property>
</bean>
</mvc:interceptor>
</mvc:interceptors> 拦截器
public class SessionTimeoutInterceptor implements HandlerInterceptor {
private static final Logger LOGGER = LoggerFactory
.getLogger(SessionTimeoutInterceptor.class);
@Autowired
private LoginService loginService;
/**
* 放行URL
*/
private List<String> allowUrls;
public void setAllowUrls(List<String> allowUrls) {
this.allowUrls = allowUrls;
}
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
LOGGER.info("SessionTimeoutInterceptor.preHandle enter.");
String requestUrl = request.getRequestURI().replace(
request.getContextPath(), "");
response.setContentType("text/html; charset=utf-8");
HttpSession session = request.getSession(true);
if (null != allowUrls && allowUrls.size() >= 1)
for (String url : allowUrls) {
if (requestUrl.contains(url)) {
return true;
}
}
Object obj = session.getAttribute(SystemConstants.SEESION_IUSER);
LOGGER.info("====session对象currentUser="+obj);
LOGGER.info("====sessionId="+session.getId());
if (obj == null) {
String loginToken = CookiesUtil.getLoginTokenFromCookie(request);
String userId = CookiesUtil.getLoginUserIdFromCookie(request);
loginService.logout(loginToken, userId);
loginService.operatorLog(WebposConstants.StringCon.TWO,userId);
CookiesUtil.delCookie(request);
CookiesUtil.delOperator(request);
PrintWriter out = response.getWriter();
StringBuilder builder = new StringBuilder();
builder.append("<script type=\"text/javascript\" charset=\"UTF-8\">");
// builder.append("alert(\"页面过期,请重新登录\");");
builder.append("window.top.location.href=\""
+ SystemConstants.LOGIN_URL + "\"");
builder.append("</script>");
out.print(builder.toString());
out.close();
}
// 返回true,则这个方面调用后会接着调用postHandle(), afterCompletion()
return true;
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
LOGGER.info("SessionTimeoutInterceptor.postHandle enter.");
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
LOGGER.info("SessionTimeoutInterceptor.afterCompletion enter.");
}
}
web.xml
<session-config>
<session-timeout>15</session-timeout>
<cookie-config>
<path>/</path>
</cookie-config>
</session-config>
扫一扫
5620
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
