
SpringSecurity2 session超时跳转登陆界面

2014-01-08 16:17 435 查看
项目中权限系统使用的是Spring Security2.0,由于对session过期没有过多的支持(Spring Security3.0支持session超时的配置设置),所以只能自己实现。简单的说,也就是通过过滤器拦截请求,判断session是否过期,如果过期跳转登陆界面,否则放行。具体实现如下:

1、web.xml中添加过滤器配置

<!-- SessionTimeout filter -->
<!-- Declares the custom filter class that reports an expired login session to the browser. -->
<filter>
	<filter-name>sessionTimeoutFilter</filter-name>
	<filter-class>com.ufida.icc.admin.interceptor.SessionTimeoutFilter</filter-class>
</filter>

<!-- SpringSecurity filter -->
<!-- DelegatingFilterProxy hands each request to the Spring bean named after filter-name. -->
<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- For URL-pattern mappings the container runs filters in filter-mapping order, so this
     mapping must stay above the Spring Security mapping for the timeout filter to run first. -->
<!-- The timeout filter covers only /admin/work/*; other paths under /admin/ are seen by the
     Spring Security chain alone. -->
<filter-mapping>
	<filter-name>sessionTimeoutFilter</filter-name>
	<url-pattern>/admin/work/*</url-pattern>
</filter-mapping>
<!-- Spring Security remains the component that enforces access for everything under /admin/. -->
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/admin/*</url-pattern>
</filter-mapping>


注意:处理session过期的SessionTimeout filter要放在权限系统SpringSecurity filter之前(过滤器的执行顺序由web.xml中<filter-mapping>的先后顺序决定,而不是<filter>声明的顺序)。

2、新建SessionTimeoutFilter类,实现Filter接口。

package com.ufida.icc.admin.interceptor;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

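/**
 * Servlet filter that tells the browser when the login session has expired.
 *
 * <p>For requests whose last URI segment contains {@code ".action"} and whose
 * session carries no {@code LOGIN_SUCCESS} attribute, the filter either marks
 * the response with timeout headers (AJAX requests) or writes a small script
 * that shows an alert and sends the top window to the login page (page
 * requests). All other requests are passed down the chain untouched.
 *
 * <p>This filter only signals the timeout; it is not an access control. The
 * security filter chain that runs after it must still reject unauthenticated
 * requests.
 */
public class SessionTimeoutFilter implements Filter {

	/** Nothing to release; the filter holds no resources. */
	@Override
	public void destroy() {
	}

	/**
	 * Checks the login marker for {@code .action} requests and reports a
	 * timeout to the client when it is missing.
	 *
	 * @param request  the incoming request; cast to {@link HttpServletRequest}
	 * @param response the outgoing response; cast to {@link HttpServletResponse}
	 * @param chain    the remaining filter chain
	 * @throws IOException      if the timeout page cannot be written or the chain fails
	 * @throws ServletException if a downstream filter or servlet fails
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
		// Login page URL. Built only from the context path and a constant; if it is
		// ever extended with request-derived data it must be escaped before being
		// written into the script below.
		String loginUrl = httpRequest.getContextPath() + "/admin/login.jsp";

		// NOTE(review): getRequestURI() is the raw request URI (it may carry path
		// parameters and is not normalized), so this last-segment test can disagree
		// with how the container dispatches the request. Treat the check as a
		// convenience and keep the real authorization in the security chain.
		String url = httpRequest.getRequestURI();
		int lastSlash = url.lastIndexOf('/');
		String path = lastSlash >= 0 ? url.substring(lastSlash) : url;
		if (!path.contains(".action")) {
			chain.doFilter(request, response);
			return;
		}

		// getSession(false): an expired or missing session must not be replaced by a
		// freshly created one just to find out that nobody is logged in.
		HttpSession session = httpRequest.getSession(false);
		boolean loggedIn = session != null
				&& session.getAttribute("LOGIN_SUCCESS") != null;
		if (loggedIn) {
			chain.doFilter(request, response);
			return;
		}

		// Timeout handling: AJAX requests get status headers, page requests get an
		// alert followed by a redirect of the top window.
		String requestedWith = httpRequest.getHeader("x-requested-with");
		if ("XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
			httpResponse.addHeader("sessionstatus", "timeOut");
			httpResponse.addHeader("loginPath", loginUrl);
			// The original author notes this call is required, otherwise the request fails.
			// NOTE(review): the request is therefore still forwarded without a login
			// marker; confirm that the downstream security chain rejects it.
			chain.doFilter(request, response);
		} else {
			String str = "<script language='javascript'>alert('会话过期,请重新登录');"
					+ "window.top.location.href='"
					+ loginUrl
					+ "';</script>";
			// Declare UTF-8 so the Chinese alert text is not garbled.
			response.setContentType("text/html;charset=UTF-8");
			// Failures propagate to the container instead of being printed and dropped.
			PrintWriter writer = response.getWriter();
			writer.write(str);
			writer.flush();
			writer.close();
		}
	}

	/**
	 * No initialization is needed.
	 *
	 * @param arg0 the filter configuration; unused
	 */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}
}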


3、客户端JS,用于处理ajax请求时的session超时

<script type="text/javascript">
// Global jQuery hook: after every AJAX call, look for the timeout marker headers
// and send the user to the login page when they are present.
// NOTE(review): the "loginPath" header value is used as a navigation target as-is;
// it is assumed to come from this application's own responses - confirm.
$(document).ajaxComplete(function (event, xhr, settings) {
    // Loose comparison kept as in the original.
    if (xhr.getResponseHeader("sessionstatus") != "timeOut") {
        return;
    }
    var loginPath = xhr.getResponseHeader("loginPath");
    if (!loginPath) {
        // Timeout was signalled but no login URL was supplied.
        alert("请求超时请重新登陆 !");
        return;
    }
    alert("会话过期,请重新登陆!");
    // replace() keeps the expired page out of the browser history.
    window.location.replace(loginPath);
});
</script>