package com.anxiesoft.util;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
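/**
 * Servlet filter that watches submissions to {@code /admin/login.do} and
 * detects a second login submission arriving on an HTTP session that has
 * already logged in.
 *
 * <p>For each session id the filter remembers the {@code logintime} request
 * parameter of the first four-parameter login submission. A later
 * four-parameter submission on the same session, made while a user is logged
 * in and carrying a different {@code logintime}, is forwarded to
 * {@code /admin/util/session.jsp} instead of reaching the login action.
 *
 * <p>Thread-safety: a container calls {@link #doFilter} from many request
 * threads at once, so all per-session state lives in a concurrent map or in
 * the {@link HttpSession} itself; the filter keeps no per-user data in plain
 * instance fields.
 *
 * <p>NOTE(review): entries are removed only on logout or when a tracked
 * session turns out to have no logged-in user. Nothing visible here removes
 * the entry of a session that simply expires, so the map can grow for the
 * lifetime of the filter; an {@code HttpSessionListener} that removes the id
 * on session destruction would bound it.
 */
public class SessionFilter implements Filter {

    /**
     * Session attribute holding the verification code seen at this session's
     * first login submission. It is kept in the session rather than in a
     * filter field so one user's code can never be written into another
     * user's session.
     */
    private static final String ATTR_LOGINED_CODE =
            SessionFilter.class.getName() + ".loginedCode";

    /** Session id -> {@code logintime} of that session's first login submission. */
    private final ConcurrentMap<String, Long> sessions = new ConcurrentHashMap<String, Long>();

    LogHelper log = new LogHelper(this.getClass());

    /** Drops all tracked sessions when the container takes the filter out of service. */
    @Override
    public void destroy() {
        log.info("..........destroy..............");
        sessions.clear();
    }

    /**
     * Passes every request through, except a repeated login submission on an
     * already logged-in session, which is forwarded to the session page.
     *
     * @param req   the incoming request; must be an {@link HttpServletRequest}
     * @param resp  the response handed to the chain or the forward target
     * @param chain the remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // getSession() creates a session when the request has none, so every
        // request that reaches this filter ends up with one.
        HttpSession session = request.getSession();
        String sessionId = session.getId();
        String url = request.getRequestURL().toString();
        String queryString = request.getQueryString();
        Map<?, ?> parameterMap = request.getParameterMap();

        // Message reads "sessionId from IP[...]".
        // NOTE(review): this writes the full session identifier to the log on
        // every request. Anyone who can read the log can reuse a live id, so
        // consider logging a truncated or hashed form instead.
        log.info("来自Ip[" + request.getRemoteAddr() + "]的sessionId:" + sessionId);

        if (StringUtils.isEmpty(url)) {
            // Message reads "web server crashed"; the request is not passed on.
            log.error("web服务器崩溃。。。");
            return;
        }

        // NOTE(review): this is a substring match on the full request URL, so
        // any URL that merely contains the text is treated as the login
        // endpoint; comparing the servlet path would be stricter.
        if (!url.contains("/admin/login.do")) {
            chain.doFilter(req, resp);
            return;
        }

        if ("act=logout".equals(queryString)) {
            sessions.remove(sessionId);
            chain.doFilter(req, resp);
            return;
        }

        if (parameterMap.size() == 0) {
            // Plain visit to the login page.
            chain.doFilter(req, resp);
            return;
        }

        if (parameterMap.size() != 4) {
            // Unchanged from the original: a login request with any other
            // number of parameters is neither passed on nor forwarded, so the
            // client receives an empty response.
            // NOTE(review): confirm this silent drop is intended.
            return;
        }

        // NOTE(review): logintime is supplied by the client, so the
        // duplicate-login check below is a convenience check, not a control
        // an untrusted client cannot influence.
        long loginTime = NumberUtils.toLong(request.getParameter("logintime"));

        // putIfAbsent makes "first submission for this session" one atomic
        // step; a separate containsKey/put pair could let two concurrent
        // requests both see themselves as first.
        Long recorded = sessions.putIfAbsent(sessionId, Long.valueOf(loginTime));
        if (recorded == null) {
            session.setAttribute(ATTR_LOGINED_CODE,
                    (String) session.getAttribute(Constants.SESSION_VERIFYCODE));
            chain.doFilter(req, resp);
            return;
        }

        if (UsersSession.getInstance().getUserid(request) == null) {
            // Tracked session without a logged-in user: forget it and let the
            // login proceed normally.
            sessions.remove(sessionId);
            chain.doFilter(req, resp);
            return;
        }

        // Compare the full long values; truncating both to int would treat
        // timestamps that differ only in their upper 32 bits as equal.
        if (recorded.longValue() == loginTime) {
            chain.doFilter(req, resp);
            return;
        }

        // Different logintime on a logged-in session: put back the code this
        // session saw at its first login and show the session page.
        // NOTE(review): this makes an earlier verification code valid again;
        // confirm the login action still treats it as single-use.
        session.setAttribute(Constants.SESSION_VERIFYCODE,
                session.getAttribute(ATTR_LOGINED_CODE));
        RequestDispatcher dispatcher = request.getRequestDispatcher("/admin/util/session.jsp");
        dispatcher.forward(req, resp);
    }

    /**
     * Starts the filter with an empty session table.
     *
     * @param arg0 filter configuration; not read
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        log.info("..........init..............");
        sessions.clear();
    }
}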
表单提交时，需要提交用户名、密码、验证码、登录时间共4个参数；过滤器正是据此用 parameterMap.size() == 4 来识别登录提交。