目标:
用户登陆超过一定时间,在页面做请求时,提示类似登陆已超时,请重新登陆信息。
实现:
1.超时时间配置(web.xml):
<session-config> <!-- 10分钟 --> <session-timeout>10</session-timeout> <tracking-mode>COOKIE</tracking-mode> <cookie-config> <secure>false</secure> <http-only>true</http-only> </cookie-config></session-config>
2.session超时过滤、ajax请求处理(spring-security.xml)
<!-- invalidSession.htm 是一个不存在的页面 --> <session-management invalid-session-url="/invalidSession.htm" session-fixation-protection="newSession"> <concurrency-control session-registry-ref="sessionRegistry" max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <!-- 未登录的切入点 --> <beans:bean id="authenticationProcessingFilterEntryPoint" class="com.baozun.nebulaplus.web.controller.auth.MyLoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login.htm"></beans:property> </beans:bean>
3.继承LoginUrlAuthenticationEntryPoint (MyLoginUrlAuthenticationEntryPoint.java)
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { // 如果是ajax请求 if (RequestUtil.isAjaxRequest(request)) { String key = ErrorCodes.BUSINESS_EXCEPTION_PREFIX + ErrorCodes.INVALID_SESSION; Object[] args = new String[0]; String message = messageSource.getMessage(key, args, key, LocaleContextHolder.getLocale()); String jsonObject = "{\"message\":\"" + message + "\"," + "\"needlogin\":true,\"cause\":\"Access is denied\"}"; ResponseUtil.writeJson(response, jsonObject); return; } else { super.commence(request, response, authException); } }
4.js 扩展ajax
success:function(data, textStatus){ //成功回调方法增强处理 if (data.denied) { wms.frame.notifyWarning(data.message); } else if (data.needlogin) { wms.frame.notifyWarning(data.message); } else{ fn.success(data, textStatus); } }
时间: 2024-10-05 23:04:09