简单实现,如果session失效就返回到登录页面。使用Filter,同时过滤对静态页面和controller的访问,并且ajax请求也能跳转。
1. web.xml配置
<filter>
<filter-name>loginfilter</filter-name>
<filter-class>
com.lty.ebus.custom.filters.CheckLoginFilter</filter-class>
<init-param>
<param-name>rootPath</param-name>
<param-value>/login.jsp</param-value>
</init-param>
</filter>
<!-- 所有需要session才能访问的JSP或HTML页面均放在webviews下-->
<filter-mapping>
<filter-name>loginfilter</filter-name>
<url-pattern>/webviews/*</url-pattern>
</filter-mapping>
<!-- 过滤controller -->
<filter-mapping>
<filter-name>loginfilter</filter-name>
<url-pattern>/webapp/*</url-pattern>
</filter-mapping>
2. 过滤器
package com.lty.ebus.custom.filters;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.util.StringUtils;
import com.lty.ebus.common.constants.SysGlobalConstants;
import com.lty.ebus.common.redis.RedisHelper;
/**
* @Title: CheckLoginFilter.java
* @Package com.lantaiyuan.ebus.custom.interceptors
* @Description:
* @author yangyang
* @date 2016年12月20日 下午2:14:06
* @version v1.0
*/
public class CheckLoginFilter implements Filter {
private String rootPath;
public void destroy() {
if (!StringUtils.isEmpty(rootPath)) {
this.rootPath = null;
}
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
Object session = RedisHelper.get(SysGlobalConstants.SESSIONID.concat(request.getSession().getId()));
String uri = request.getRequestURI().toLowerCase();
if (StringUtils.isEmpty(session) && uri.indexOf("login") < 0 && uri.indexOf("logout") < 0) {
// 设置header,便于ajax请求做处理
response.setHeader("sessionstatus", "timeout");
response.setContentType("text/html;charset=UTF-8");
response.getWriter()
.println("<script language='javascript'>if(window.opener==null){window.top.location.href='"
+ rootPath + "';}else{window.opener.top.location.href='" + rootPath
+ "';window.close();}</script>");
} else {
chain.doFilter(req, res);
}
}
public void init(FilterConfig con) throws ServletException {
this.rootPath = con.getServletContext().getContextPath().concat(con.getInitParameter("rootPath"));
}
}
非ajax请求到这一步就可以了,ajax请求还需要继续往下看
3. ajax请求
新建一个js文件,内容如下
/**
* 设置未来(全局)的AJAX请求默认选项
* 主要设置了AJAX请求遇到Session过期的情况
*/
var appName = $("#appName").val();
$.ajaxSetup({
complete: function(xhr,status) {
var sessionStatus = xhr.getResponseHeader('sessionstatus');
if(sessionStatus == 'timeout') {
var top = getTopWinow();
top.location.href = appName + '/login.jsp';
}
}
});
/**
* 在页面中任何嵌套层次的窗口中获取顶层窗口
* @return 当前页面的顶层窗口对象
*/
function getTopWinow(){
var p = window;
while(p != p.parent){
p = p.parent;
}
return p;
}
该js文件需要被引入到有ajax请求(对session有要求)的页面中
此时就大功告成啦!
4. 补充说明
一开始出错,是因为filter写成了这样:
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
Object session = RedisHelper.get(SysGlobalConstants.SESSIONID.concat(request.getSession().getId()));
String uri = request.getRequestURI().toLowerCase();
if (StringUtils.isEmpty(session) && uri.indexOf("login") < 0 && uri.indexOf("logout") < 0) {
String header = ((HttpServletRequest)req).getHeader("x-requested-with");
if(!StringUtils.isEmpty(header) && header.equalsIgnoreCase("XMLHttpRequest")) { // ajax请求
response.setHeader("sessionstatus", "timeout");
}else {
response.setContentType("text/html;charset=UTF-8");
response.getWriter()
.println("<script language='javascript'>if(window.opener==null){window.top.location.href='"
+ rootPath + "';}else{window.opener.top.location.href='" + rootPath
+ "';window.close();}</script>");
}
} else {
chain.doFilter(req, res);
}
}
ajax请求并没有停止本身的处理过程,还会继续,又请求不到数据,就会一直报undefined错误。后来干脆不再区分是否是ajax请求,都加上header,都用response输出内容,就能正常执行了。js也不是很好,不太明白原理,先记下,希望有朝一日能搞清楚吧^_^