Spring Security 2: redirecting to the login page on session timeout

Source: Internet  Published: sql algorithms  Editor: 程序博客网  Time: 2024/05/24 06:50

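The project's permission system uses Spring Security 2.0. It offers little support for session expiry (Spring Security 3.0 supports configuring session timeout), so we had to implement it ourselves. In short, a filter intercepts each request and checks whether the session has expired: if it has, the user is sent to the login page; otherwise the request is let through. The implementation is as follows:

1. Add the filter configuration to web.xml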

<!-- SessionTimeout filter -->
<filter>
    <filter-name>sessionTimeoutFilter</filter-name>
    <filter-class>com.ufida.icc.admin.interceptor.SessionTimeoutFilter</filter-class>
</filter>
<!-- SpringSecurity filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>sessionTimeoutFilter</filter-name>
    <url-pattern>/admin/work/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

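Note: the SessionTimeout filter that handles session expiry must be placed before the permission system's SpringSecurity filter.

2. Create the SessionTimeoutFilter class, implementing the Filter interface.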

package com.ufida.icc.admin.interceptor;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionTimeoutFilter implements Filter {

    public void destroy() {
        // TODO Auto-generated method stub
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpSession session = httpRequest.getSession();
        // Login URL
        String loginUrl = httpRequest.getContextPath() + "/admin/login.jsp";
        String url = httpRequest.getRequestURI();
        // Last path segment of the request URI, e.g. "/list.action"
        String path = url.substring(url.lastIndexOf("/"));
        // Timeout handling: an AJAX request gets the timeout status headers,
        // a page request gets a notice and is redirected
        if (path.indexOf(".action") != -1
                && session.getAttribute("LOGIN_SUCCESS") == null) {
            // Check whether this is an AJAX request
            if (httpRequest.getHeader("x-requested-with") != null
                    && httpRequest.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")) {
                httpResponse.addHeader("sessionstatus", "timeOut");
                httpResponse.addHeader("loginPath", loginUrl);
                chain.doFilter(request, response); // Required, otherwise the request fails
            } else {
                String str = "<script language='javascript'>alert('会话过期,请重新登录');"
                        + "window.top.location.href='"
                        + loginUrl
                        + "';</script>";
                response.setContentType("text/html;charset=UTF-8"); // Avoids garbled Chinese text
                try {
                    PrintWriter writer = response.getWriter();
                    writer.write(str);
                    writer.flush();
                    writer.close();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // TODO Auto-generated method stub
    }
}

3. Client-side JS, for handling session timeout on AJAX requests

<script type="text/javascript">
$(document).ajaxComplete(function(event, xhr, settings) {
    if (xhr.getResponseHeader("sessionstatus") == "timeOut") {
        if (xhr.getResponseHeader("loginPath")) {
            alert("会话过期,请重新登陆!");
            window.location.replace(xhr.getResponseHeader("loginPath"));
        } else {
            alert("请求超时请重新登陆 !");
        }
    }
});
</script>
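
A variant of the step 3 handler, added here as an example and not part of the original post: it follows the loginPath header only when the value resolves to the same origin as the current page, and otherwise just shows the notice. The function name sessionTimeoutAction, the sample URLs used to exercise it, and the English alert text are assumptions of this example.

```javascript
// Added example (not from the original post). The decision is a pure function
// so it can be checked outside a browser; the jQuery wiring is at the bottom.

// xhr: any object exposing getResponseHeader(name), e.g. a jqXHR.
// pageUrl: the current page address (window.location.href in a browser).
function sessionTimeoutAction(xhr, pageUrl) {
  // Header names are the ones set by SessionTimeoutFilter in step 2.
  if (xhr.getResponseHeader("sessionstatus") !== "timeOut") {
    return { action: "none" };
  }
  var loginPath = xhr.getResponseHeader("loginPath");
  if (!loginPath) {
    return { action: "alert" };          // timed out, no target supplied
  }
  var page, target;
  try {
    page = new URL(pageUrl);
    target = new URL(loginPath, page);   // resolves relative paths against the page
  } catch (e) {
    return { action: "alert" };          // value could not be parsed as a URL
  }
  // Follow the header only when it stays on the origin that served the page.
  // Scheme-relative ("//host/...") and non-http(s) values fail this check.
  if (target.origin !== page.origin) {
    return { action: "alert" };
  }
  return { action: "redirect", target: target.pathname + target.search };
}

// Browser wiring; skipped when jQuery or the DOM is not present.
if (typeof $ !== "undefined" && typeof document !== "undefined") {
  $(document).ajaxComplete(function (event, xhr) {
    var decision = sessionTimeoutAction(xhr, window.location.href);
    if (decision.action === "none") {
      return;
    }
    alert("Session expired, please log in again.");
    if (decision.action === "redirect") {
      window.location.replace(decision.target);
    }
  });
}
```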
