一、在web.xml中自定義securityFilter，設置跳轉頁面、需過濾的URL相關參數
<!-- Registers com.sasis.webapp.filter.UserFilter under the name securityFilter. -->
<filter>
<filter-name>securityFilter</filter-name>
<filter-class>com.sasis.webapp.filter.UserFilter</filter-class>
<init-param>
<!-- errorPath: UserFilter reads this value in init() and passes it to sendRedirect()
     for requests that fail its login check. The value is relative ("./..."), so the
     container resolves it against the URI of the request being filtered.
     NOTE(review): confirm it still points at the intended page for nested paths. -->
<param-name>errorPath</param-name>
<param-value>./nouUserSession.jsp</param-value>
</init-param>
</filter>
<!-- Only URLs ending in .html or .shtml pass through the filter. Requests to any other
     path, including the .jsp named in errorPath, are not checked by it.
     NOTE(review): confirm every other resource that needs a login is covered by another
     mapping or another control. -->
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>*.shtml</url-pattern>
</filter-mapping>
二、UserFilter.java處理session過期用戶跳轉邏輯
package com.sasis.webapp.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import uk.ltd.getahead.dwr.WebContextFactory;
import com.sasis.Constants;
import com.sasis.model.CurrentUser;
import com.sasis.model.User;
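/**
 * Servlet filter that sends requests without a logged-in session to the page
 * named by the {@code errorPath} init-param.
 *
 * <p>A request counts as logged in when the session attribute
 * {@code Constants.CURUSER_KEY} holds the string {@code "true"}. The session's
 * {@code "user"} attribute is published through {@code CurrentUser.set(...)}
 * on every filtered request, whether or not a user is present.
 *
 * <p>An earlier revision also gated on the presence of a {@code Referer}
 * header, but forced the bypass flag to {@code true}, so the header never
 * influenced the outcome. That dead branch is removed here. The header is
 * supplied by the client and is not suitable as an access control.
 */
public class UserFilter implements Filter {
    private static final Log log = LogFactory.getLog(UserFilter.class);

    /** Redirect target for requests that fail the login check. */
    private String errorUrl;

    /**
     * Reads the {@code errorPath} init-param.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException if {@code errorPath} is missing or blank, so a
     *         misconfigured deployment fails at startup instead of on the first
     *         unauthenticated request
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        errorUrl = filterConfig.getInitParameter("errorPath");
        if (errorUrl == null || errorUrl.trim().length() == 0) {
            throw new ServletException(
                    "UserFilter: init-param 'errorPath' is missing or empty");
        }
        log.debug("UserFilter errorPath = " + errorUrl);
    }

    /**
     * Passes the request down the chain when the session is logged in, or when
     * the {@code method} parameter starts with {@code "psg"}; otherwise
     * redirects to the configured error page.
     *
     * @param request     incoming request; must be an {@code HttpServletRequest}
     * @param response    outgoing response; must be an {@code HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException      propagated from the chain or from the redirect
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;

            // getSession(false) does not allocate a session for anonymous
            // requests. The no-argument getSession() always returns a session,
            // which made the former "session == null" test unreachable and
            // created server-side state for every unauthenticated client.
            HttpSession session = httpRequest.getSession(false);
            User user = null;
            String isLogin = null;
            if (session != null) {
                user = (User) session.getAttribute("user");
                isLogin = (String) session.getAttribute(Constants.CURUSER_KEY);
            }

            // NOTE(review): this writes User.toString() to the debug log;
            // confirm that it does not include credentials or personal data.
            if (log.isDebugEnabled()) {
                log.debug(">>>>>>>>>>>>user>>>>>>>>>>>>" + user);
            }

            // NOTE(review): CurrentUser is presumably thread-bound. If so, the
            // value should be cleared once the request completes, because
            // pooled threads also serve URLs this filter is not mapped to.
            // Confirm against the CurrentUser implementation.
            CurrentUser.set(user);

            if ("true".equals(isLogin)) {
                filterChain.doFilter(request, response);
                return;
            }

            // NOTE(review): the "method" parameter is chosen by the client, so
            // every handler reachable with a value starting with "psg" is
            // effectively public. Confirm that this is intended for all of them.
            String method = request.getParameter("method");
            if (method != null && method.startsWith("psg")) {
                filterChain.doFilter(request, response);
                return;
            }

            // NOTE(review): request attributes do not survive a redirect, so
            // the target page cannot read this flag. Kept as in the original.
            httpRequest.setAttribute("notUserSession", "Y");
            httpResponse.sendRedirect(errorUrl);
        } catch (RuntimeException ex) {
            // Log with the stack trace, then let the container handle it.
            // Swallowing exceptions here turned every downstream failure into
            // an empty response. IOException and ServletException propagate
            // unchanged. An <error-page> mapping keeps the container from
            // rendering stack traces to clients.
            log.error("UserFilter: unexpected error while filtering request", ex);
            throw ex;
        }
    }

    /** No resources to release. */
    public void destroy() {
    }
}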