在Struts应用中,我们发出的请求都会经过 相应的拦截器进行相关处理,一般都会有一个用户登录拦截(Session失效拦截);一般请求的话,如果Session失效时,我们会跳到登录页面,可是如果我们采用AJAX请求时,将会返回登录页面的HTML代码,这肯定不是我们想要的,那么我们如何解决呢?请看以下步骤:
一、建立拦截器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
package
com.xxx.planeap.interceptor;
import
javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpServletResponse;
import
org.apache.log4j.Logger;
import
org.apache.struts2.ServletActionContext;
import
com.opensymphony.xwork2.ActionContext;
import
com.opensymphony.xwork2.ActionInvocation;
import
com.opensymphony.xwork2.ActionSupport;
import
com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import
com.xxx.common.contants.ConstantsKey;
import
com.xxx.common.contants.SessionKey;
import
com.xxx.planeap.domain.User;
import
com.xxx.planeap.security.SecurityContextUtil;
/**
*
* @author Goma OMA1989@YEAH.NET
* @version v1.0
* @since 2012-05-31
*
*/
public
class
SecurityInterceptor
extends
AbstractInterceptor {
private
static
final
long
serialVersionUID = 1L;
private
Logger logger = Logger.getLogger(SecurityInterceptor.
class
);
@Override
public
String intercept(ActionInvocation invocation)
throws
Exception {
// TODO Auto-generated method stub
String className = invocation.getAction().getClass().getName();
String action = className.substring(className.lastIndexOf(
"."
)+
1
,className.length());
String actionName = invocation.getProxy().getActionName();
String result;
HttpServletRequest request = ServletActionContext.getRequest();
HttpServletResponse response = ServletActionContext.getResponse();
String type = request.getHeader(
"X-Requested-With"
);
User user = (User) ActionContext.getContext().getSession().get(SessionKey.CURRENT_USER);
if
(user ==
null
) {
logger.debug(
"SECURITY CHECKED: NEED TO LOGIN"
);
if
(
"XMLHttpRequest"
.equalsIgnoreCase(type)) {
// AJAX REQUEST PROCESS
response.setHeader(
"sessionstatus"
, ConstantsKey.MSG_TIME_OUT);
result =
null
;
}
else
{
// NORMAL REQUEST PROCESS
result = ActionSupport.LOGIN;
}
}
else
{
logger.debug(
"SECURITY CHECKED: USER HAS LOGINED"
);
SecurityContextUtil.setCurrentUser(user);
boolean
hanPerm = SecurityContextUtil.hasPerm(action, actionName);
logger.debug(
"SECURITY CHECKED: PERMISSION---"
+action+
"."
+actionName+
"="
+hanPerm);
result = invocation.invoke();
}
return
result;
}
}
|
二、定义全局AJAX请求结束处理方法
1
2
3
4
5
6
7
8
9
10
11
12
|
//全局的AJAX访问,处理AJAX清求时SESSION超时
$.ajaxSetup({
contentType:
"application/x-www-form-urlencoded;charset=utf-8"
,
complete:function(XMLHttpRequest,textStatus){
//通过XMLHttpRequest取得响应头,sessionstatus
var sessionstatus=XMLHttpRequest.getResponseHeader(
"sessionstatus"
);
if
(sessionstatus==
"timeout"
){
//这里怎么处理在你,这里跳转的登录页面
window.location.replace(PlanEap.getActionURI(
"login"
));
}
}
});
|
也就是ajax发送请求时如果拦截返回一个表示就跳转,否则执行正常操作。