session的生命周期,具体可以参考我转载的一篇文章https://my.oschina.net/shuming/blog/776340
登录失效即是利用session的生命周期,在session失效的时候做一些事,比如跳转到登录页等。需要做的就两件事:
1、在web.xml配置一个过滤器(Filter)
<!-- Filter (implements javax.servlet.Filter): checks requests under the mapped path for a
     valid session and redirects to the login page when the session is missing or expired. -->
<filter>
<filter-name>requestFilter</filter-name>
<!-- Fully-qualified class name of the filter implementation -->
<filter-class>com.hnepsoft.framework.util.RequestFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>requestFilter</filter-name>
<!-- Mapped to every request; which URIs are let through without a session is decided
     inside RequestFilter, so that allow-list is the actual access-control boundary. -->
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Session timeout, in minutes -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
2、过滤器的实现类,直接看代码
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.hnepsoft.framework.dao.mybatis.model.UserBean;
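/**
 * Servlet filter that requires a logged-in session for every request it is mapped to,
 * except for a fixed allow-list of public resources (login, registration, static files).
 *
 * <p>A request counts as logged in when its session holds a non-null
 * {@code "currentUser"} attribute. Anything else is redirected to {@code loginError.do}.
 *
 * <p>The allow-list is matched against the last path segment only, so it is the effective
 * access-control boundary of the application: every entry added here becomes reachable
 * without authentication in every directory.
 *
 * @author Administrator
 */
public class RequestFilter implements Filter {

    /** Session attribute under which the logged-in user is stored. */
    private static final String CURRENT_USER_ATTRIBUTE = "currentUser";

    /**
     * Last path segments that are served without a session. The empty string matches any
     * URI ending in "/".
     * NOTE(review): confirm that no directory-style URL serves protected content.
     */
    private static final String[] PUBLIC_NAMES = {
        "", "reg.jsp", "regSubmit.do", "regIndex.do",
        "loginSubmit.do", "login.do", "loginError.do", "login.jsp"
    };

    /**
     * Static-file extensions served without a session. The leading dot is required so that
     * only real extensions match, not any name that merely ends in these letters.
     */
    private static final String[] PUBLIC_EXTENSIONS = {".png", ".jpg", ".js", ".css"};

    /**
     * Matches a path parameter: ';' up to the next '/'. Fully qualified so the file's
     * import block does not have to change.
     */
    private static final java.util.regex.Pattern PATH_PARAMETER =
            java.util.regex.Pattern.compile(";[^/]*");

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /**
     * Lets public resources through and requires a logged-in session for everything else.
     *
     * @param req   the incoming request; cast to {@link HttpServletRequest}
     * @param resp  the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain, invoked only when the request is allowed
     * @throws IOException      if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        String resource = lastPathSegment(request.getRequestURI());
        if (isPublicResource(resource)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): do not allocate a new session for every anonymous request;
        // a missing session simply means "not logged in".
        HttpSession session = request.getSession(false);
        UserBean user = (session == null)
                ? null
                : (UserBean) session.getAttribute(CURRENT_USER_ATTRIBUTE);

        if (user == null) {
            // Log which resource was refused.
            System.out.println("URI:" + resource + ">>>>访问被拒绝!");
            // NOTE(review): this redirect is relative to the directory of the current
            // request; if protected pages live in sub-directories, consider prefixing
            // request.getContextPath() so the login-error page is always found.
            response.sendRedirect("loginError.do");
            return;
        }

        chain.doFilter(request, response);
    }

    /** No configuration is read from the deployment descriptor. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // intentionally empty
    }

    /**
     * Returns the last path segment of a request URI with path parameters removed.
     *
     * <p>{@code getRequestURI()} still contains path parameters (the text after ';' in a
     * segment), which servlet containers typically strip before choosing the target
     * servlet. They are removed here as well, so the allow-list decision is made on the
     * same name the container will dispatch on, not on attacker-controlled suffix text.
     */
    private static String lastPathSegment(String requestUri) {
        String path = PATH_PARAMETER.matcher(requestUri).replaceAll("");
        return path.substring(path.lastIndexOf('/') + 1);
    }

    /** Tells whether the given last path segment may be served without a session. */
    private static boolean isPublicResource(String resource) {
        for (String name : PUBLIC_NAMES) {
            if (name.equals(resource)) {
                return true;
            }
        }
        for (String extension : PUBLIC_EXTENSIONS) {
            if (resource.endsWith(extension)) {
                return true;
            }
        }
        return false;
    }
}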
一般不需要拦截(直接放行)的是:登录、注册、图片、js/css文件,其他的,看打印的日志,酌情添加。放行名单应尽量精确匹配,避免把需要登录才能访问的地址误放行。