目标:
用户登陆超过一定时间,在页面做请求时,提示类似登陆已超时,请重新登陆信息。
实现:
1.超时时间配置(web.xml):
<session-config>
<!-- 10分钟 --> <session-timeout>10</session-timeout> <tracking-mode>COOKIE</tracking-mode> <cookie-config> <secure>false</secure> <http-only>true</http-only> </cookie-config>
</session-config>
2.session超时过滤、ajax请求处理(spring-security.xml)
<!-- invalidSession.htm 是一个不存在的页面 --> <session-management invalid-session-url="/invalidSession.htm" session-fixation-protection="newSession"> <concurrency-control session-registry-ref="sessionRegistry" max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <!-- 未登录的切入点 --> <beans:bean id="authenticationProcessingFilterEntryPoint" class="com.xxx.xxx.web.controller.auth.MyLoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login.htm"></beans:property> </beans:bean>
3.继承LoginUrlAuthenticationEntryPoint (MyLoginUrlAuthenticationEntryPoint.java)
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { // 如果是ajax请求 if (RequestUtil.isAjaxRequest(request)) { String key = ErrorCodes.BUSINESS_EXCEPTION_PREFIX + ErrorCodes.INVALID_SESSION; Object[] args = new String[0]; String message = messageSource.getMessage(key, args, key, LocaleContextHolder.getLocale()); String jsonObject = "{"message":"" + message + ""," + ""needlogin":true,"cause":"Access is denied"}"; ResponseUtil.writeJson(response, jsonObject); return; } else { super.commence(request, response, authException); } }
4.js 扩展ajax
success:function(data, textStatus){ //成功回调方法增强处理 if (data.denied) { wms.frame.notifyWarning(data.message); } else if (data.needlogin) { wms.frame.notifyWarning(data.message); } else{ fn.success(data, textStatus); } }