spring security session expired issue
2010-05-19 21:12
288 查看
import org.springframework.beans.factory.InitializingBean; import org.springframework.util.Assert; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class SessionExpirationFilter implements Filter, InitializingBean { //~ Instance fields ================================================================================================ private String expiredUrl; //~ Methods ======================================================================================================== public void afterPropertiesSet() throws Exception { Assert.hasText(expiredUrl, "ExpiredUrl required"); } /** * Does nothing. We use IoC container lifecycle services instead. */ public void destroy() {} public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { Assert.isInstanceOf(HttpServletRequest.class, request, "Can only process HttpServletRequest"); Assert.isInstanceOf(HttpServletResponse.class, response, "Can only process HttpServletResponse"); HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; HttpSession session = httpRequest.getSession(false); if (session == null && httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()) { String targetUrl = httpRequest.getContextPath() + expiredUrl; httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl)); return; } chain.doFilter(request, response); } /** * Does nothing. We use IoC container lifecycle services instead. * * @param arg0 ignored * * @throws ServletException ignored */ public void init(FilterConfig arg0) throws ServletException {} public void setExpiredUrl(String expiredUrl) { this.expiredUrl = expiredUrl; } }[code] ------
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.spring*=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
/**=sessionExpirationFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
...
<bean id="sessionExpirationFilter" class="SessionExpirationFilter">
<property name="expiredUrl" value="/login.spring?login_error=2"/>
</bean>
...
---------------
<c:if test="${param.login_error == 2}">
<br>
<h2 class="red">Your session has timed out.</h2>
</c:if>
[/code]
相关文章推荐
- What is the best way to handle Invalid CSRF token found in the request when session times out in Spring security
- spring-security+spring-session配置
- springboot+security 动态权限修改session立即失效(六)
- 使用Spring-Security进行登录控制的session问题
- spring session+spring security 实现用户不能重复登录
- springboot+springSecurity+springSessionDataRedis+CAS搭建集群单点登陆系统
- Spring Security session fixation防护和Session的管理和并发
- Spring security invalid-session-url 的坑(配了permitAll仍然跳转到登录页)
- spring security+extjs session超时解决方案 博客分类: 软件架构
- springboot+springSecurity+springSessionDataRedis+CAS搭建集群单点登陆系统
- Spring Security + SWFUpload and the session problem
- NoSuchMethodException org.springframework.security.web.session.ConcurrentSessionFilter.<init>()?
- springboot + security 自定义session过期处理方式
- 关于spring security session失效,ajax报错的解决
- (转)Spring提供的CharacterEncoding和OpenSessionInView功能
- spring 申明事务中的session的打开与关闭
- Spring-Session+Redis集群实现Session共享
- springboot+security整合2
- Spring2.5 访问 Session 属性的四种策略
- SpringMVC+Ibatis+SPring Security开发框架搭建