java web工程,过滤器判断session失效
2014-03-16 14:15
441 查看
通常情况下,java web项目都是通过过滤器来判断session是否失效。下面做了一个例子,实现过滤器验证用户的会话是否丢失。
web.xml中的配置:
[html]
view plaincopy
<filter>
<filter-name>filter</filter-name>
<filter-class>com.zyujie.common.LoginFilter</filter-class>
</filter>
<!-- servlet规范,不能以/*.jsp这样的结尾,写全,或者写成/app/*,这样的才行 -->
<filter-mapping>
<filter-name>filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
过滤器类:
[java]
view plaincopy
package com.zyujie.common;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
// 如果session不为空,则可以浏览其他页面
String url = request.getServletPath();
System.out.println(url);
//这里判断目录,后缀名,当然也可以写在web.xml中,用url-pattern进行拦截映射
if ((!request.getServletPath().equals("/login.action"))
&& (!request.getServletPath().equals("/login.jsp"))
&& (!request.getServletPath().equals("/relogin.jsp"))
&& (!request.getServletPath().equals("/jquery-1.8.0.min.js"))) {
System.out.println(request.getServletPath());
if (session.getAttribute("userInfo") == null) {
session.invalidate();
response.setContentType("text/html;charset=gb2312");
PrintWriter out = response.getWriter();
out.println("<script language='javascript' type='text/javascript'>");
out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='" + request.getContextPath() + "/relogin.jsp'");
out.println("</script>");
} else {
chain.doFilter(request, response);
}
} else {
chain.doFilter(request, response);
}
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
做了一个测试:所有的ajax请求,都不能过滤,也不知道为什么。如果ajax要进行session判断的话,可以通过拦截器:代码如下:(ajax请求不能跳转页面,不知道怎么实现这种ajax请求,session丢失,页面跳转。)
struts2配置,拦截器:
[html]
view plaincopy
<package name="myInterceptors" namespace="/system/login" extends="struts-default">
<interceptors>
<interceptor name="timer" class="com.zyujie.common.TimerInterceptor" />
<interceptor name="logger" class="com.zyujie.common.LoggerInterceptor" />
<interceptor name="sessionFilter" class="com.zyujie.common.SessionFilterInterceptor" />
</interceptors>
<action name="userLogin" class="userLoginAction" method="userLogin">
<interceptor-ref name="logger" />
<interceptor-ref name="timer" />
<result name="input" type="redirect">/login.jsp</result>
<result name="success" type="redirect">/ok.jsp</result>
</action>
<action name="getSession" class="userLoginAction" method="getSession">
<result name="input" type="redirect">/login.jsp</result>
</action>
<action name="reLogin" class="userLoginAction" method="reLogin">
<result name="input" type="redirect">/relogin.jsp</result>
<result name="success" type="redirect">/ok.jsp</result>
</action>
<action name="testSession" class="userLoginAction" method="testSession">
<interceptor-ref name="sessionFilter" />
<result name="input" type="redirect">/login.jsp</result>
<result name="success" type="redirect">/ok.jsp</result>
</action>
</package>
拦截类:
[java]
view plaincopy
package com.zyujie.common;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class SessionFilterInterceptor extends AbstractInterceptor {
@Override
public String intercept(ActionInvocation invocation) throws Exception {
HttpSession session = ServletActionContext.getRequest().getSession();
if(session.getAttribute("userInfo") == null){
// HttpServletResponse response = ServletActionContext.getResponse();
// ServletActionContext.getResponse().sendRedirect(Action.INPUT);
// session.invalidate();
// response.setContentType("text/html;charset=gb2312");
// PrintWriter out = response.getWriter();
// out.println("<script language='javascript' type='text/javascript'>");
// out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='/login.jsp'");
// out.println("</script>");
// return "none";
return Action.INPUT;
}else{
return invocation.invoke();
}
}
}
对于ajax的请求,不能跳转页面。很多人说的,还是只有在页面端判断返回值,进行跳转。
web.xml中的配置:
[html]
view plaincopy
<filter>
<filter-name>filter</filter-name>
<filter-class>com.zyujie.common.LoginFilter</filter-class>
</filter>
<!-- servlet规范,不能以/*.jsp这样的结尾,写全,或者写成/app/*,这样的才行 -->
<filter-mapping>
<filter-name>filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
过滤器类:
[java]
view plaincopy
package com.zyujie.common;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession();
// 如果session不为空,则可以浏览其他页面
String url = request.getServletPath();
System.out.println(url);
//这里判断目录,后缀名,当然也可以写在web.xml中,用url-pattern进行拦截映射
if ((!request.getServletPath().equals("/login.action"))
&& (!request.getServletPath().equals("/login.jsp"))
&& (!request.getServletPath().equals("/relogin.jsp"))
&& (!request.getServletPath().equals("/jquery-1.8.0.min.js"))) {
System.out.println(request.getServletPath());
if (session.getAttribute("userInfo") == null) {
session.invalidate();
response.setContentType("text/html;charset=gb2312");
PrintWriter out = response.getWriter();
out.println("<script language='javascript' type='text/javascript'>");
out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='" + request.getContextPath() + "/relogin.jsp'");
out.println("</script>");
} else {
chain.doFilter(request, response);
}
} else {
chain.doFilter(request, response);
}
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
做了一个测试:所有的ajax请求,都不能过滤,也不知道为什么。如果ajax要进行session判断的话,可以通过拦截器:代码如下:(ajax请求不能跳转页面,不知道怎么实现这种ajax请求,session丢失,页面跳转。)
struts2配置,拦截器:
[html]
view plaincopy
<package name="myInterceptors" namespace="/system/login" extends="struts-default">
<interceptors>
<interceptor name="timer" class="com.zyujie.common.TimerInterceptor" />
<interceptor name="logger" class="com.zyujie.common.LoggerInterceptor" />
<interceptor name="sessionFilter" class="com.zyujie.common.SessionFilterInterceptor" />
</interceptors>
<action name="userLogin" class="userLoginAction" method="userLogin">
<interceptor-ref name="logger" />
<interceptor-ref name="timer" />
<result name="input" type="redirect">/login.jsp</result>
<result name="success" type="redirect">/ok.jsp</result>
</action>
<action name="getSession" class="userLoginAction" method="getSession">
<result name="input" type="redirect">/login.jsp</result>
</action>
<action name="reLogin" class="userLoginAction" method="reLogin">
<result name="input" type="redirect">/relogin.jsp</result>
<result name="success" type="redirect">/ok.jsp</result>
</action>
<action name="testSession" class="userLoginAction" method="testSession">
<interceptor-ref name="sessionFilter" />
<result name="input" type="redirect">/login.jsp</result>
<result name="success" type="redirect">/ok.jsp</result>
</action>
</package>
拦截类:
[java]
view plaincopy
package com.zyujie.common;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
public class SessionFilterInterceptor extends AbstractInterceptor {
@Override
public String intercept(ActionInvocation invocation) throws Exception {
HttpSession session = ServletActionContext.getRequest().getSession();
if(session.getAttribute("userInfo") == null){
// HttpServletResponse response = ServletActionContext.getResponse();
// ServletActionContext.getResponse().sendRedirect(Action.INPUT);
// session.invalidate();
// response.setContentType("text/html;charset=gb2312");
// PrintWriter out = response.getWriter();
// out.println("<script language='javascript' type='text/javascript'>");
// out.println("alert('由于你长时间没有操作,导致Session失效!请你重新登录!');window.location.href='/login.jsp'");
// out.println("</script>");
// return "none";
return Action.INPUT;
}else{
return invocation.invoke();
}
}
}
对于ajax的请求,不能跳转页面。很多人说的,还是只有在页面端判断返回值,进行跳转。
相关文章推荐
- java web工程,过滤器判断session失效
- session失效,使用ajax请求数据被拦截,此时正常的处理逻辑是跳到登录界面,而不是界面没有变化(java判断是否是ajax请求)
- IT咨询顾问:一次吐血的项目救火 java或判断优化小技巧 asp.net core Session的测试使用心得 【.NET架构】BIM软件架构02:Web管控平台后台架构 NetCore入门篇:(十一)NetCore项目读取配置文件appsettings.json 使用LINQ生成Where的SQL语句 js_jquery_创建cookie有效期问题_时区问题
- JavaWeb Session失效时间设置方法
- Java Web Application使Session永不失效(利用cookie隐藏登录)
- 判断一个工程是java还是web
- javaWeb session失效时间设置
- JavaWeb基础 session isNew 判断session是新生成的 还是旧有的
- 【SENCHA TOUCH】改了tomcat的IP访问!java的session失效问题! [ Web 开发]
- java工程_web.xml配置session有效期
- javaweb开发中,java监听器对象导致中文乱码过滤器不起作用和失效!
- 在Web应用中,会用到大量的Ajax请求,在Ajax请求中存在的一个问题就是如何判断session超时,在网上找到的一个java中处理此问题方法:
- Spring 定时任务(精)(session工具类(配置失效时间),cookie工具类 web工程(初始化容器) redis工具类)
- JavaWebSession
- Java设置session超时(失效)的时间 在一般系统登录后,都会设置一个当前session失效的时间,以确保在用户长时间不与服务器交互,自动退出登录,销毁session 具体设置的方法有三种:
- Opencv实现盲水印技术(二)——使用maven构建Java Web工程
- 发布java项目或者web项目修改工程名字的问题
- Java web.xml session-config 属性配置
- 传智播客java web 学习,过滤器
- 【Java.Web】Session —— Session Listener监听器