定义filter对session过期用户重新登录

一、在web.xml中自定义securityFilter,设置跳转页面、需过滤的url相关参数

	<filter>
		<filter-name>securityFilter</filter-name>
		<filter-class>com.sasis.webapp.filter.UserFilter</filter-class>
		<init-param>
			<param-name>errorPath</param-name>
			<param-value>./nouUserSession.jsp</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>securityFilter</filter-name>
		<url-pattern>*.html</url-pattern>
	</filter-mapping>
	<filter-mapping>
		<filter-name>securityFilter</filter-name>
		<url-pattern>*.shtml</url-pattern>
	</filter-mapping>

二、UserFilter.java处理session过期用户跳转逻辑

package com.sasis.webapp.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import uk.ltd.getahead.dwr.WebContextFactory;

import com.sasis.Constants;
import com.sasis.model.CurrentUser;
import com.sasis.model.User;

public class UserFilter implements Filter {
	private static final Log log = LogFactory.getLog(UserFilter.class);
	private String errorUrl;

	public void init(FilterConfig filterConfig) throws ServletException {
		errorUrl = filterConfig.getInitParameter("errorPath");
		log.debug("--------------------------errorUrl______");
		log.debug(errorUrl);
		log.debug("--------------------------errorUrl______");
	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain filterChain) throws IOException, ServletException {
		try {
			HttpServletRequest httpRequest = (HttpServletRequest) request;
			HttpServletResponse httpResponse = (HttpServletResponse) response;
			HttpSession session = httpRequest.getSession();
			User user = (User)session.getAttribute("user");
			log.debug(">>>>>>>>>>>>user>>>>>>>>>>>>"+user);
			//if(null!=user)CurrentUser.set((User)session.getAttribute("user"));
			CurrentUser.set(user);
            String isLogin = (String) session.getAttribute(Constants.CURUSER_KEY);
            
            boolean UrlNotvalidated = false;
			String resourceURL = httpRequest.getRequestURL().toString(); 
			String queryString = httpRequest.getQueryString(); 
			String[] actionStrArray = resourceURL.split("/");
			//if ("activityChangeMsg.html".equalsIgnoreCase(actionStrArray[actionStrArray.length -1])){
				UrlNotvalidated = true;
			//}
            String referer = httpRequest.getHeader("referer");
            
            if (null != referer || UrlNotvalidated){
              
    			if (session == null || !"true".equals(isLogin)) {
//    				System.out.println(request.getParameter("method"));
    				if(null != request.getParameter("method") && request.getParameter("method").startsWith("psg")){
    					filterChain.doFilter(request, response);
    				}else{
    					httpRequest.setAttribute("notUserSession","Y");
        				httpResponse.sendRedirect(errorUrl);
    				}
    				
    			} else {
   				filterChain.doFilter(request, response);
   			}
            } else {
				httpResponse.sendRedirect(errorUrl);
            }
		} catch (Exception ex) {
			log.error(ex);
			ex.printStackTrace();
		}
	}
	public void destroy() {

	}

}


你可能感兴趣的:(filter)