import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class SessionExpirationFilter implements Filter, InitializingBean {
//~ Instance fields ================================================================================================
private String expiredUrl;
//~ Methods ========================================================================================================
public void afterPropertiesSet() throws Exception {
Assert.hasText(expiredUrl, "ExpiredUrl required");
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*/
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
Assert.isInstanceOf(HttpServletRequest.class, request, "Can only process HttpServletRequest");
Assert.isInstanceOf(HttpServletResponse.class, response, "Can only process HttpServletResponse");
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpSession session = httpRequest.getSession(false);
if (session == null &&
httpRequest.getRequestedSessionId() != null &&
!httpRequest.isRequestedSessionIdValid())
{
String targetUrl = httpRequest.getContextPath() + expiredUrl;
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl));
return;
}
chain.doFilter(request, response);
}
/**
* Does nothing. We use IoC container lifecycle services instead.
*
* @param arg0 ignored
*
* @throws ServletException ignored
*/
public void init(FilterConfig arg0) throws ServletException {}
public void setExpiredUrl(String expiredUrl) {
this.expiredUrl = expiredUrl;
}
}<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
------
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.spring*=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
/**=sessionExpirationFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
...
<bean id="sessionExpirationFilter" class="SessionExpirationFilter">
<property name="expiredUrl" value="/login.spring?login_error=2"/>
</bean>
...
---------------
<c:if test="${param.login_error == 2}">
<br>
<h2 class="red">Your session has timed out.</h2>
</c:if>
spring security session expired issue
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.