public class SmartLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
/**
 * Handles a request that needs authentication.
 *
 * <p>Requests carrying {@code X-Requested-With: XMLHttpRequest} receive an
 * {@code Error-Json} response header and status 300 instead of the login-page
 * handling; every other request is passed to the superclass implementation.
 *
 * @param request       the request that triggered the authentication failure
 * @param response      the response to write the header/status to
 * @param authException the exception that caused the invocation
 * @throws IOException      propagated from the superclass handling
 * @throws ServletException propagated from the superclass handling
 */
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
    // X-Requested-With is supplied by the client, so it only selects the response
    // format here; neither branch lets the request through.
    final boolean ajaxRequest = "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    if (!ajaxRequest) {
        super.commence(request, response, authException);
        return;
    }

    response.setCharacterEncoding("UTF-8");
    // NOTE(review): the header value contains non-ASCII text, and setCharacterEncoding
    // applies to the response body; confirm the container transmits this header intact.
    response.addHeader("Error-Json", "{code:302,msg:'会话超时',script:''}");
    // NOTE(review): 300 looks chosen so the client-side error callback fires; a 401
    // would be the conventional "not authenticated" status. Confirm with the client code.
    response.setStatus(300);
}
JS:扩展 jQuery 的 ajax 方法。因为 get、load、post 等 ajax 方法都是基于 ajax 函数扩展的,所以这么写就行了:
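/**
 * Wraps $.ajax so that every failed request first looks for an error message in a
 * response header (settings.errorHeader, default "Error-Json").
 *
 * Compared with a plain override, this wrapper
 *   - returns whatever the original $.ajax returns, so callers that use the
 *     return value of $.ajax / $.get / $.post keep working;
 *   - still invokes the caller's own `error` callback after handling the header;
 *   - skips the alert when the header is absent instead of showing "null".
 */
(function ($) {
    var originalAjax = $.ajax;

    $.ajax = function (s) {
        var callerError = s.error;
        var errHeader = s.errorHeader || "Error-Json";

        s.error = function (xhr, status, err) {
            var errMsg = xhr.getResponseHeader(errHeader);
            if (errMsg) {
                // The message arrives in a response header. alert() shows it as plain
                // text; if this is ever rendered into the page, insert it as text,
                // not as HTML. The redirect to the login page can be done here; the
                // target URL may also be supplied by the server.
                alert(errMsg);
            }
            if (typeof callerError === "function") {
                return callerError.apply(this, arguments);
            }
        };

        return originalAjax(s);
    };
})(jQuery);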
好了收工
/**
 * Authentication entry point that answers AJAX requests with a JSON
 * "session timed out" body and hands all other requests to
 * {@link LoginUrlAuthenticationEntryPoint}.
 */
public class SmartLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

    /**
     * Writes a fixed JSON error object for requests carrying
     * {@code X-Requested-With: XMLHttpRequest}; otherwise delegates to the superclass.
     *
     * <p>The JSON body is built from constants only, so no request data is echoed back.
     * This method sets neither a status code nor a Content-Type on the AJAX branch.
     *
     * @param request       the request that triggered the authentication failure
     * @param response      the response the JSON body is written to
     * @param authException the exception that caused the invocation
     * @throws IOException      if the response writer cannot be obtained or the superclass fails
     * @throws ServletException propagated from the superclass handling
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
        // The header is client-controlled: it only decides the response format,
        // both branches treat the request as unauthenticated.
        if (!"XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
            super.commence(request, response, authException);
            return;
        }

        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("success", false);
        payload.put("errCode", "0x0001");
        payload.put("message", "与服务器的会话已经超时");
        payload.put("data", ""); // kept for compatibility with ExtJS form loading

        // Encoding must be set before the writer is obtained.
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        out.write(JSON.toJSONString(payload));
        out.flush();
        out.close();
    }
}
配置文件
<http auto-config="true" entry-point-ref="smartLoginUrlAuthenticationEntryPoint" >
注释掉 <!--<logout logout-success-url="/login.jsp" />--> 超时跳转
替换为
<!-- Custom entry point bean; its id must match the entry-point-ref attribute on the
     <http> element. loginFormUrl is the login page passed to the entry point. -->
<beans:bean id="smartLoginUrlAuthenticationEntryPoint"
class="com.smart.sys.core.security.SmartLoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp"/>
</beans:bean>
参考 该文章
http://dean-liu.iteye.com/blog/1937860 楼主采用 AuthenticationProcessingFilterEntryPoint 方法,
但是该方法在 Spring Security 3.0 之后已经过期了,所以直接继承该类的父类 LoginUrlAuthenticationEntryPoint,
同样重写 commence 方法
页面处理可扩展 jquery 类库 参考文章
http://jackyrong.iteye.com/blog/1770629
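/**
 * Authentication failure handler that reports the failure to the client as a
 * small JSON object: {@code {"failure":true,"message":"..."}}.
 */
public class SSAuthenticationFailureHandler implements
        AuthenticationFailureHandler {

    /**
     * Writes the failure as JSON to the response body.
     *
     * <p>The exception message is escaped before it is placed inside the JSON string,
     * so a quote, backslash or line break in the message can neither break the
     * document nor add extra members to it. No status code is set here.
     *
     * @param request   the request during which authentication failed
     * @param response  the response the JSON body is written to
     * @param exception the exception describing why authentication failed
     * @throws IOException      if the response writer cannot be obtained
     * @throws ServletException declared by the interface; not thrown here
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        // NOTE(review): the raw exception message may tell the client whether the
        // account exists or only the password was wrong; consider a fixed generic
        // message if the configured providers produce distinct texts.
        String message = exception.getMessage();
        response.getWriter().println(
                "{\"failure\":true,\"message\":\"" + escapeJson(message) + "\"}");
    }

    /** Escapes text for use inside a double-quoted JSON string; null becomes "null" as before. */
    private static String escapeJson(String text) {
        String value = String.valueOf(text);
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                escaped.append('\\').append(c);
            } else if (c < 0x20 || c == '\u2028' || c == '\u2029') {
                // control characters and JS line separators go out as \\uXXXX
                escaped.append(String.format("\\u%04x", (int) c));
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }
}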
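/**
 * Redirects the browser when a response signals that the session has timed out.
 *
 * The server marks a timed-out session with the response header
 * "sessionstatus: timeout" and puts the target page in the "Location" header.
 * Nothing happens when the response has no header accessor, the marker is absent,
 * or the Location header is missing (previously a missing header navigated to "null").
 *
 * @param response an XHR-like object exposing getResponseHeader(name)
 */
function checkSessionTimeout(response) {
    if (!response || typeof response.getResponseHeader !== "function") {
        return;
    }
    if (response.getResponseHeader("sessionstatus") !== "timeout") {
        return;
    }
    // The target is taken as-is from the response header, so it is only as
    // trustworthy as the server that produced the response.
    var redirect = response.getResponseHeader("Location");
    if (redirect) {
        window.location = redirect;
    }
}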
<script>location.replace('login.htm')</script>
,然后让 Spring 把请求重定向到这个 timeout.htm。
纯粹理论,没有测试,楼主试试过后告诉我结果。<beans:bean id="concurrentSessionFilter"
class="com.test.webbasis.authentication.ConcurrentSessionFilter">
<beans:property name="expiredUrl" value="/view/webbasis/login.jsp?code=4"></beans:property>
<beans:property name="timeoutUrl" value="/view/webbasis/login.jsp?code=2"></beans:property>
<beans:property name="sessionRegistry" ref="sessionRegistry"/>
</beans:bean>
在 applicationContext-security.xml 里面加上这个 ConcurrentSessionFilter
public class ConcurrentSessionFilter extends GenericFilterBean
然后在public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
if (session != null) {
SessionInformation info = sessionRegistry.getSessionInformation(session.getId());
if (info != null) {
if (info.isExpired()) {
// Expired - abort processing
doLogout(request, response);
session.setMaxInactiveInterval(0);
String targetUrl = determineExpiredUrl(request, info);
response.setHeader("Location",request.getContextPath()+targetUrl);
response.setHeader("sessionstatus", "timeout");
// Wait for a response to come back
var onreadystatechange = xhr.onreadystatechange = function( isTimeout ) {
// The request was aborted
if ( !xhr || xhr.readyState === 0 ) {
// Opera doesn't call onreadystatechange before this point
// so we simulate the call
if ( !requestDone ) {
complete();
}
requestDone = true;
if ( xhr ) {
xhr.onreadystatechange = jQuery.noop;
}
// The transfer is complete and the data is available, or the request timed out
} else if ( !requestDone && xhr && (xhr.readyState === 4 || isTimeout === "timeout") ) {
//这里添加解析,下面代码省略