Spring mvc Interceptor Solves Session Timeout Configuration Process

Keywords: Session Attribute JSP xml

Recently, the function of Session timeout has not been implemented in the company's internal framework. Because of the iframe structure, when the Session timeout is clicked on the left system menu, the login box pops up again on the right side of iframe.

The problem is due to the absence of interceptors.

The idea of adding interceptor: When a user clicks menu after Session timeout, he needs to use Interceptor to intercept the preceding item, and judge whether user information still exists in the session at this time. If it does not exist, he should specify to log on to the main page.

The following code:

1) Firstly, the mvc:interceptor tag is added to the application Context-mvc.xml.

  1.      
  2.    <!-- session timeout interceptor -->  
  3. <mvc:interceptors>  
  4.     <mvc:interceptor>  
  5.         <mvc:mapping path="/*/*" />  
  6.         <bean class="com.lenovo.lstp.mam.interceptor.SessionTimeoutInterceptor" >  
  7.             <property name="allowUrls">    
  8.                 <list>    
  9.                   <value>/login/login.do</value>    
  10.                   <value>/common/language.do</value>    
  11.                 </list>    
  12.             </property>    
  13.         </bean>  
  14.     </mvc:interceptor>  
  15. </mvc:interceptors>  
  16.   
  17. <!-- exception handler -->  
  18.    <bean id="handlerExceptionResolver"  
  19.     class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" >  
  20.     <property name="exceptionMappings">  
  21.         <props>  
  22.             <prop key="com.lenovo.lstp.mam.exception.SessionTimeoutException">/blank</prop>  
  23.         </props>  
  24.     </property>  
  25.    </bean>  

The above code first creates an interceptor named Session Timeout Interceptor in the system internal package and specifies the url allowed to access as a collection in the list.

When the user logs in from this address, there is no need to intercept.

Session Timeout Exception throw s the exception when the interception takes effect.

And go to blank.jsp page.

2) The second step is to create the interceptor Session Timeout Interceptor. The code is as follows:

  1. /** 
  2.      * Session Timeout, Intercept Access 
  3.      *  
  4.      */  
  5.     public boolean preHandle(HttpServletRequest request,  
  6.             HttpServletResponse response, Object handler) throws Exception {  
  7.         String requestUrl = request.getRequestURI();  
  8.           
  9.         for(String url : allowUrls) {  
  10.             if(requestUrl.endsWith(url)) {  
  11.                 return true;  
  12.             }  
  13.         }  
  14.           
  15.         String session = (String) WebUtils.getSessionAttribute(request,  
  16.                 "username");  
  17.         if(session != null) {  
  18.             return true;  
  19.         }else {  
  20.             throw new SessionTimeoutException();  
  21.         }  
  22.           
  23.     }  

Except for the permitted Url, any other Url will throw Session Timeout Exception to point to the landing page as long as it is not checked for the existence of Session. Session Timeout Exception does not need to write any operations.

3) Because the iframe layout will cause the landing box embedded problem, it can be implemented in the following way, the code is as follows:

  1. var session = "${user}";  
  2. if("" == session){  
  3.     top.location = "transfer.jsp";  
  4. }  
  5. if (null == session) {  
  6.  top.location = "transfer.jsp";  
  7. }  
Introduce a transit page transfer.jsp in blank.jsp. This page is used for post ing jumps and requesting login.do again.

top.location is specified to be displayed on the main page, not on the embedded page.

4) The fourth step requires a second login.do request, which is coded as follows:

  1. <script type="text/javascript">  
  2. $(document).ready(function(){  
  3.     document.transfer.submit();  
  4. });  
  5. </script>  
  6.   
  7.   
  8. <body>  
  9. <form name="transfer" action="login/login.do" method="post"></form>  
  10.   
  11. </body>  

When you enter the page, you automatically submit a login.do request, but previously, because the page allows login.do to enter, the operation can be judged in loginControl.

The code is as follows:

  1. /* After session timeout, check dto's username, and return login.jsp. */  
  2.         if(dto.getUsername() == null) {   
  3.             ModelAndView mv = new ModelAndView("login");  
  4.             return mv;  
  5.         }  
  6.           

In the login method, this judgment is introduced to judge the second access to the information of the Control. If the user name is not available, it will automatically jump back to the login.jsp page and re-enter.

At this point, it has been successfully completed, if there are other links on the landing page, you can configure it in allowurl.


The above is reproduced from http://blog.csdn.net/fly2749/article/details/8702855.

Posted by Tyen on Fri, 22 Mar 2019 15:39:52 -0700

Hot Keywords

©2024 Programmer Group