目标:
用户登陆超过一定时间,在页面做请求时,提示类似登陆已超时,请重新登陆信息。
实现:
1.超时时间配置(web.xml):
<session-config> <!-- 10分钟 -->
<session-timeout>10</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
<cookie-config>
<secure>false</secure>
<http-only>true</http-only>
</cookie-config></session-config>
2.session超时过滤、ajax请求处理(spring-security.xml)
<!-- invalidSession.htm 是一个不存在的页面 -->
<session-management invalid-session-url="/invalidSession.htm"
session-fixation-protection="newSession">
<concurrency-control session-registry-ref="sessionRegistry"
max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<!-- 未登录的切入点 -->
<beans:bean id="authenticationProcessingFilterEntryPoint"
class="com.baozun.nebulaplus.web.controller.auth.MyLoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.htm"></beans:property>
</beans:bean>
3.继承LoginUrlAuthenticationEntryPoint (MyLoginUrlAuthenticationEntryPoint.java)
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
// 如果是ajax请求
if (RequestUtil.isAjaxRequest(request)) {
String key = ErrorCodes.BUSINESS_EXCEPTION_PREFIX + ErrorCodes.INVALID_SESSION;
Object[] args = new String[0];
String message = messageSource.getMessage(key, args, key, LocaleContextHolder.getLocale());
String jsonObject = "{\"message\":\"" + message + "\","
+ "\"needlogin\":true,\"cause\":\"Access is denied\"}";
ResponseUtil.writeJson(response, jsonObject);
return;
} else {
super.commence(request, response, authException);
}
}
4.js 扩展ajax
success:function(data, textStatus){
//成功回调方法增强处理
if (data.denied) {
wms.frame.notifyWarning(data.message);
} else if (data.needlogin) {
wms.frame.notifyWarning(data.message);
} else{
fn.success(data, textStatus);
}
}
时间: 2024-10-05 23:04:09