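1. First, add the following code to the login page. When pages are loaded inside an iframe or similar frame, the redirect to the login page would otherwise render nested inside that frame; this script makes the login page take over the whole window.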
<script language="JavaScript">
    if (window != top) {
        top.location.href = location.href;
    }
</script>
2. Configure a filter in web.xml that intercepts every action request and checks whether the session has expired.
<!-- Session filter configuration -->
<filter>
    <filter-name>SessionFilter</filter-name>
    <filter-class>com.wonders.filter.SessionFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SessionFilter</filter-name>
    <url-pattern>*.action</url-pattern>
    <!--<dispatcher>FORWARD</dispatcher>-->
    <!-- In this case, a request that starts with /contract/… or /user/…, and that arrives through a request dispatcher's forward method or directly from the client, must pass through this filter. -->
    <!--<dispatcher>REQUEST</dispatcher>-->
</filter-mapping>
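3. The filter class
The class checks whether the requested action is the one that generates the CAPTCHA or the one that leads to the login page. Those two actions are not filtered, because otherwise the login page and the CAPTCHA could not be displayed. Every other action is filtered.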
package com.wonders.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.wonders.admin.model.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

public class SessionFilter implements Filter {

    @Override
    public void destroy() {
        // Filter teardown; normally used to release resources
    }

    /**
     * Some URLs can only be accessed after login (session validation filter)
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        // HttpSession session = request.getSession();
        // Check whether the session has expired
        // Use the container-resolved servlet path instead of searching the raw URL,
        // so only requests actually dispatched to these two actions are exempt
        String path = request.getServletPath();
        // Skip the filter for the login page action and the CAPTCHA action
        if (!path.endsWith("/code.action") && !path.endsWith("/login.action")) {
            // Look up the session without creating a new one for anonymous requests
            Subject currentUser = SecurityUtils.getSubject();
            Session session = currentUser.getSession(false);
            User user = (session == null) ? null : (User) session.getAttribute("user");
            if (user == null) {
                // Message: "You are not logged in, or the session has expired. Please log in first!"
                String errors = "您还没有登录,或者session已过期。请先登陆!";
                request.setAttribute("Message", errors);
                // Forward to the login page
                request.getRequestDispatcher("/login.jsp").forward(request, response);
            } else {
                arg2.doFilter(request, response);
            }
        } else {
            arg2.doFilter(request, response);
        }
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // Initialization; reads the filter's init parameters from web.xml.
        // Not needed for this requirement.
    }
}
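With this filter in place, an expired session automatically sends the user to the login page, instead of the page simply not responding when the user clicks something.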
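The exemption test from step 3 as a stand-alone check (an added example, not code from the original post): it contrasts a substring search over the raw request URL with a suffix match on the container-resolved servlet path. The class name, host, and sample URL/path pairs are constructed, and the servlet paths are what a container is assumed to report after normalizing the request.

```java
import java.util.List;

public class ExemptPathCheck {
    // Action names that step 3 leaves unfiltered (taken from the page).
    static final List<String> EXEMPT = List.of("/code.action", "/login.action");

    // Substring search over the raw request URL, i.e. getRequestURL().indexOf(...).
    static boolean exemptBySubstring(String requestUrl) {
        return EXEMPT.stream().anyMatch(requestUrl::contains);
    }

    // Suffix match on the path the container resolved for dispatch, i.e. getServletPath().
    static boolean exemptByServletPath(String servletPath) {
        return servletPath != null && EXEMPT.stream().anyMatch(servletPath::endsWith);
    }

    public static void main(String[] args) {
        // Constructed samples: {raw request URL, servlet path the container is assumed to report}.
        String[][] samples = {
            {"http://localhost:8080/app/login.action", "/login.action"},
            {"http://localhost:8080/app/code.action", "/code.action"},
            {"http://localhost:8080/app/user/list.action", "/user/list.action"},
            // Exempt name in a non-final segment; path normalization drops it before dispatch.
            {"http://localhost:8080/app/login.action/../user/list.action", "/user/list.action"},
        };
        for (String[] s : samples) {
            boolean weak = exemptBySubstring(s[0]);
            boolean strict = exemptByServletPath(s[1]);
            // Flag any request where the two checks reach different decisions.
            System.out.printf("%-62s substring=%-5b servletPath=%-5b%s%n",
                    s[0], weak, strict, weak != strict ? "  <-- checks disagree" : "");
        }
    }
}
```

If the full paths of the two exempt actions are known, an exact match against those paths is tighter than the suffix match used here.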