java Servlet Filter 拦截Ajax请求,统一处理session超时的问题

时间:2023-03-08 22:29:07

后台增加filter,注意不要把druid也屏蔽了

import java.io.IOException;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;

import org.apache.shiro.subject.Subject;

import cn.zsmy.constant.Constant;

import cn.zsmy.entity.User;

/**

 * session超时过滤

 *

 * @date 2016-10-20

 */

public class SessionFilter implements Filter {  

    @Override

    public void init(FilterConfig filterConfig) throws ServletException {  

    }  

    @Override

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,

            ServletException {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;

        HttpServletResponse httpServletResponse = (HttpServletResponse) response;  

        //只过滤了ajax请求时session超时

         if (httpServletRequest.getHeader("x-requested-with") != null

                 && httpServletRequest.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")) {

                 Subject subject = SecurityUtils.getSubject();

                User user = (User) subject.getPrincipal();

                if(user == null){

                    Constant.MY_LOG.debug("filter:sessionstatus timeout!");

                    //如果是ajax请求响应头会有,x-requested-with

                    httpServletResponse.setHeader("sessionstatus", "timeout");//在响应头设置session状态

                    return;

                }

         } 

        chain.doFilter(request, response);

    }  

    @Override

    public void destroy() {  

    }  

}

web.xml加入过滤器配置,注意不要把druid也屏蔽了,url-pattern可以指定过滤的东西

<!--session超时过滤处理 -->

    <filter>

        <filter-name>sessionFilter</filter-name>

        <filter-class>cn.zsmy.palmdoctor.filter.SessionFilter</filter-class>

    </filter>

    <filter-mapping>

        <filter-name>sessionFilter</filter-name>

        <!-- <url-pattern>/*</url-pattern> -->

        <url-pattern>*.do</url-pattern>

    </filter-mapping>

在公共的js文件中加入以下全局控制ajax的配置

<c:set var="appPath" value="<%=request.getContextPath()%>"/>

<script type="text/javascript">

$(function(){

    $.ajaxSetup ({

        cache: false, //关闭AJAX缓存

        async:false, //同步请求

        contentType:"application/x-www-form-urlencoded;charset=utf-8",

        complete:function(XMLHttpRequest,textStatus){

            //通过XMLHttpRequest取得响应头,sessionstatus,

            var sessionstatus=XMLHttpRequest.getResponseHeader("sessionstatus");

            if(sessionstatus=="timeout"){

                alert("由于您长时间未操作,登录已失效,请重新登录");

                parent.location.href = "${appPath}/login.do";

            }

        }

    });

});

</script>

相关文章