SpringSecurity2 session超时跳转登陆界面

2014-11-24 03:26:58 · 作者: · 浏览: 0

项目中权限系统使用的是Spring Security2.0,由于对session过期没有过多的支持(Spring Security3.0支持session超时的配置设置),所以只能自己实现。简单的说,也就是通过过滤器拦截请求,判断session是否过期,如果过期跳转登陆界面,否则放行。具体实现如下:

1、web.xml中添加过滤器配置

  

  
	
   
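<filter>
	<filter-name>sessionTimeoutFilter</filter-name>
	<filter-class>com.ufida.icc.admin.interceptor.SessionTimeoutFilter</filter-class>
</filter>
<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>sessionTimeoutFilter</filter-name>
	<url-pattern>/admin/work/*</url-pattern>
</filter-mapping>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/admin/*</url-pattern>
</filter-mapping>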
   

  

注意:处理session过期的SessionTimeoutFilter要放在权限系统Spring Security filter之前(web.xml中filter-mapping的声明顺序决定过滤器的执行顺序)。

2、新建SessionTimeoutFilter类,实现Filter接口。

package com.ufida.icc.admin.interceptor;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

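/**
 * Servlet filter that notices a missing login session on {@code .action}
 * requests and sends the user back to the login page.
 *
 * <p>Page requests receive a small HTML/JavaScript response that shows an alert
 * and navigates the top-level window to the login page. AJAX requests (marked by
 * the {@code x-requested-with: XMLHttpRequest} header) get the
 * {@code sessionstatus} and {@code loginPath} response headers and are then
 * passed down the chain so that client-side script can react.
 *
 * <p>This filter is a usability aid, not an access-control boundary: it only
 * looks for {@code .action} in the last path segment, and it lets AJAX requests
 * continue down the chain. Authorization must be enforced by the filters that
 * run after it.
 */
public class SessionTimeoutFilter implements Filter {

	/** Session attribute whose presence marks a logged-in session. */
	private static final String LOGIN_MARKER = "LOGIN_SUCCESS";

	/** Login page, relative to the application's context path. */
	private static final String LOGIN_PAGE = "/admin/login.jsp";

	/** No resources are held, so there is nothing to release. */
	@Override
	public void destroy() {
		// Intentionally empty.
	}

	/**
	 * Intercepts {@code .action} requests that arrive without a logged-in session.
	 *
	 * @param request  the incoming request
	 * @param response the outgoing response
	 * @param chain    the remaining filter chain
	 * @throws IOException      if writing the timeout page fails or the chain throws it
	 * @throws ServletException if the chain throws it
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		// Non-HTTP traffic carries no session; hand it on untouched instead of
		// failing on the casts below.
		if (!(request instanceof HttpServletRequest)
				|| !(response instanceof HttpServletResponse)) {
			chain.doFilter(request, response);
			return;
		}
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		if (!isActionRequest(httpRequest) || isLoggedIn(httpRequest)) {
			chain.doFilter(request, response);
			return;
		}

		// Built only from the container's context path plus a constant. If this is
		// ever derived from request data it must be validated and JavaScript-escaped,
		// because it is emitted inside a quoted script string and a response header.
		String loginUrl = httpRequest.getContextPath() + LOGIN_PAGE;

		if (isAjax(httpRequest)) {
			// Signal the timeout through headers and keep the chain running; the
			// original author notes the request breaks otherwise. The request is
			// therefore NOT blocked here: the security filter chain behind this
			// filter is what has to reject it.
			httpResponse.addHeader("sessionstatus", "timeOut");
			httpResponse.addHeader("loginPath", loginUrl);
			chain.doFilter(request, response);
			return;
		}

		writeLoginRedirectPage(httpResponse, loginUrl);
	}

	/** No configuration is read. */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// Intentionally empty.
	}

	/** Returns true when the last segment of the request URI contains ".action". */
	private static boolean isActionRequest(HttpServletRequest httpRequest) {
		String uri = httpRequest.getRequestURI();
		int lastSlash = uri.lastIndexOf('/');
		String lastSegment = lastSlash >= 0 ? uri.substring(lastSlash) : uri;
		return lastSegment.indexOf(".action") != -1;
	}

	/**
	 * Returns true when an existing session carries the login marker.
	 * Uses {@code getSession(false)} so that anonymous or expired requests do not
	 * allocate a fresh session just to be told they are logged out.
	 */
	private static boolean isLoggedIn(HttpServletRequest httpRequest) {
		HttpSession session = httpRequest.getSession(false);
		return session != null && session.getAttribute(LOGIN_MARKER) != null;
	}

	/** Returns true when the request declares itself as an XMLHttpRequest. */
	private static boolean isAjax(HttpServletRequest httpRequest) {
		return "XMLHttpRequest".equalsIgnoreCase(httpRequest.getHeader("x-requested-with"));
	}

	/**
	 * Writes the alert-and-redirect page for a normal (non-AJAX) request.
	 * {@code window.top} is used so that a page shown inside a frame sends the
	 * whole window to the login page. I/O failures propagate to the container
	 * instead of being printed and swallowed.
	 */
	private static void writeLoginRedirectPage(HttpServletResponse httpResponse,
			String loginUrl) throws IOException {
		// Set the charset before obtaining the writer so the Chinese text is not garbled.
		httpResponse.setContentType("text/html;charset=UTF-8");
		String page = "<script type='text/javascript'>alert('会话过期,请重新登录');"
				+ "window.top.location.href='"
				+ loginUrl
				+ "';</script>";
		PrintWriter writer = httpResponse.getWriter();
		writer.write(page);
		writer.flush();
		writer.close();
	}
}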

3、客户端JS,用于ajax请求session超时

<script type="text/javascript">
// Runs after every jQuery AJAX request completes and checks whether the server
// flagged the response with the "sessionstatus: timeOut" header.
$(document).ajaxComplete(function(event, xhr, settings) {
    if (xhr.getResponseHeader("sessionstatus") != "timeOut") {
        return; // session still valid, nothing to do
    }

    var loginPath = xhr.getResponseHeader("loginPath");
    if (!loginPath) {
        // Timeout flagged but no login path supplied: only tell the user.
        alert("请求超时请重新登陆 !");
        return;
    }

    alert("会话过期,请重新登陆!");
    // NOTE(review): the navigation target is taken directly from a response
    // header. Consider checking that it is a same-site relative path before
    // navigating, so a tampered header cannot send users elsewhere.
    // replace() keeps the expired page out of the browser history.
    window.location.replace(loginPath);
});