Session超时,唯一性
配置缓存文件,用来存储SessionId,将UserId作为key。(此处未贴代码)
创建sessionTimeOut.jsp文件(此处未贴代码)
-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------
配置Struts.xml文件(Class属性不用配置,仅用于跳转)
<!-- Action without a class attribute: it runs no code and only forwards to the timeout page. -->
<!-- The JSP sits under /WEB-INF, which the servlet container does not serve directly, -->
<!-- so clients reach it only through this action. -->
<action name="sessionTimeOut">
<result name="success">/WEB-INF/page/sessionTimeOut.jsp</result>
</action>
-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------
Action文件(登录时保存SessionId)
/**
 * Marks the current HTTP session as logged in and records its id as the only valid session
 * for this student.
 *
 * <p>This excerpt omits the credential check: {@code student} is populated outside the lines
 * shown, and the stored captcha value is read but not compared here.
 *
 * @return {@code SUCCESS}
 */
public String login() {
    final HttpSession httpSession = ServletActionContext.getRequest().getSession();

    // Captcha value stored in the session under this key (the comparison is not part of this excerpt).
    String expectedCaptcha = (String) httpSession.getAttribute("RANDOMVALIDATECODEKEY");

    // The Student is stored by reference: if an add method lives in the same Action, adding a
    // user will modify the properties of the object held in the session.
    httpSession.setAttribute("user", student);

    // NOTE(review): the session id that existed before login is kept and becomes the
    // authenticated id. Issuing a fresh session id once the credentials have been verified is
    // the usual defence against session fixation; confirm whether that happens elsewhere.

    // Remember this session id for the student so that a later login from another session
    // replaces it. The cache name (spelled "sessoinId") has to match the name used when reading.
    EhcacheUtil.getInstance().put("com.sessoinId", student.getStuNo(), httpSession.getId());
    return SUCCESS;
}
-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------
创建用户登录校验过滤器LoginFilter
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import com.shenzhen.management.pojo.Student;
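/**
 * Servlet filter that lets a request continue only when the HTTP session holds a logged-in
 * {@code Student} under the "user" attribute. A fixed set of public paths is exempt; every
 * other request without a logged-in user is redirected to {@code /sessionTimeOut}.
 */
public class LoginFilter implements Filter {
    private FilterConfig filterConfig;
    // Read from the "noFilterURI" init-param in init(); doFilter does not consult it.
    private String noFilterURI;
    Logger logger = Logger.getLogger(LoginFilter.class);

    public LoginFilter() {
        filterConfig = null;
        noFilterURI = null;
    }

    /** Keeps the filter configuration and reads the optional "noFilterURI" init-param. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        noFilterURI = filterConfig.getInitParameter("noFilterURI");
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        filterConfig = null;
    }

    /**
     * Login check: public paths pass straight through, everything else needs a session that
     * carries a "user" attribute.
     *
     * @throws IOException if the redirect or the rest of the chain fails on I/O
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        logger.debug(request.getRequestURL().toString());

        if (isPublicPath(pathWithinApplication(request))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // getSession(false): do not allocate a session just to find out that nobody is logged in.
        HttpSession session = request.getSession(false);
        Student user = (session == null) ? null : (Student) session.getAttribute("user");
        if (user == null) {
            // Context-relative target: the redirect is no longer assembled in application code
            // from the scheme, host and port reported for the request.
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            response.sendRedirect(request.getContextPath() + "/sessionTimeOut");
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the request path relative to the context root.
     *
     * <p>Matching on this path instead of the absolute URL avoids a mismatch on default ports:
     * a URL rebuilt as scheme://host:port/context always names the port, while containers such
     * as Tomcat leave :80 / :443 out of getRequestURL(), so the public pages would never match.
     */
    private static String pathWithinApplication(HttpServletRequest request) {
        String contextPath = request.getContextPath();
        String requestUri = request.getRequestURI();
        return requestUri.startsWith(contextPath) ? requestUri.substring(contextPath.length()) : requestUri;
    }

    /**
     * Tells whether the path may be served without a logged-in user.
     *
     * <p>getRequestURI() is the raw, undecoded path. A path carrying path parameters (';'),
     * percent-encoding or backslashes can be resolved by the container to a different resource
     * than its text suggests, so such paths are never exempted and fall through to the session
     * check (fail closed).
     */
    private static boolean isPublicPath(String path) {
        if (path.indexOf(';') >= 0 || path.indexOf('%') >= 0 || path.indexOf('\\') >= 0) {
            return false;
        }
        // NOTE(review): "p_w_picpath" looks like a blog-platform mangling of another word in the
        // servlet name; confirm against the real servlet mapping. Kept exactly as published.
        return path.equals("/")
                || path.equals("/login")
                || path.equals("/sessionTimeOut")
                || path.endsWith("p_w_picpathServlet.servlet")
                || path.endsWith(".js");
    }
}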
-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------
创建Session唯一性过滤器OnlySession
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import com.shenzhen.management.pojo.Student;
import com.shenzhen.management.util.ehcache.EhcacheUtil;
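/**
 * Servlet filter enforcing one active session per student: a request continues only when the
 * id of its session equals the id stored for that student in the "com.sessoinId" cache.
 * Requests without a logged-in user, or from a session that is no longer the registered one,
 * are redirected to {@code /sessionTimeOut}.
 */
public class OnlySession implements Filter {
    private FilterConfig filterConfig;
    Logger logger = Logger.getLogger(OnlySession.class);

    public OnlySession() {
        filterConfig = null;
    }

    /** Keeps the filter configuration. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        filterConfig = null;
    }

    /**
     * Session timeout and session uniqueness check.
     *
     * @throws IOException if the redirect or the rest of the chain fails on I/O
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        // The login page and the other public paths are not intercepted.
        if (isPublicPath(pathWithinApplication(request))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // Context-relative target: the redirect is no longer assembled in application code
        // from the scheme, host and port reported for the request.
        String timeoutPage = request.getContextPath() + "/sessionTimeOut";

        // getSession(false): do not allocate a session just to find out that it has timed out.
        // Fully qualified because this file does not import HttpSession.
        javax.servlet.http.HttpSession session = request.getSession(false);
        Student user = (session == null) ? null : (Student) session.getAttribute("user");
        if (user == null) {
            // Session timed out, or nobody has logged in.
            response.sendRedirect(timeoutPage);
            return;
        }

        String onlySessionId = (String) EhcacheUtil.getInstance().get("com.sessoinId", user.getStuNo());
        if (session.getId().equals(onlySessionId)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // A different session id (or none) is registered for this student. Invalidate the
        // displaced session so it does not keep holding the "user" attribute.
        session.invalidate();
        response.sendRedirect(timeoutPage);
    }

    /**
     * Returns the request path relative to the context root.
     *
     * <p>Matching on this path instead of the absolute URL avoids a mismatch on default ports:
     * a URL rebuilt as scheme://host:port/context always names the port, while containers such
     * as Tomcat leave :80 / :443 out of getRequestURL(), so the public pages would never match.
     */
    private static String pathWithinApplication(HttpServletRequest request) {
        String contextPath = request.getContextPath();
        String requestUri = request.getRequestURI();
        return requestUri.startsWith(contextPath) ? requestUri.substring(contextPath.length()) : requestUri;
    }

    /**
     * Tells whether the path may be served without the session checks.
     *
     * <p>getRequestURI() is the raw, undecoded path. A path carrying path parameters (';'),
     * percent-encoding or backslashes can be resolved by the container to a different resource
     * than its text suggests, so such paths are never exempted and fall through to the session
     * checks (fail closed).
     */
    private static boolean isPublicPath(String path) {
        if (path.indexOf(';') >= 0 || path.indexOf('%') >= 0 || path.indexOf('\\') >= 0) {
            return false;
        }
        // NOTE(review): "p_w_picpath" looks like a blog-platform mangling of another word in the
        // servlet name; confirm against the real servlet mapping. Kept exactly as published.
        return path.equals("/")
                || path.equals("/login")
                || path.equals("/sessionTimeOut")
                || path.endsWith("p_w_picpathServlet.servlet")
                || path.endsWith(".js");
    }
}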
-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------
配置web.xml文件(以下Filter配置在Struts2的org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter前面)
<!-- Both filters are mapped to /*, so they see every request, static resources included. -->
<!-- Filters run in the order of their filter-mapping elements: LoginFilter first, then OnlySession. -->
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.shenzhen.management.util.session.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>OnlySession</filter-name>
<filter-class>com.shenzhen.management.util.session.OnlySession</filter-class>
</filter>
<filter-mapping>
<filter-name>OnlySession</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- session-timeout is expressed in minutes. -->
<!-- NOTE(review): a value of 1 looks like a setting for exercising the timeout page; confirm the value intended for real use. -->
<session-config>
<session-timeout>1</session-timeout>
</session-config>
-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------
草稿,希望大家多指教,留言 ,帮助小弟完善。