[Java] [acegi] timeout control of acegi security framework under Ajax

Timeout control of acegi security framework under Ajax

When we use the acegi security framework, all requests are blocked. In this way, if the session times out, the remote Ajax call through DWR will also be blocked by the acegi filter. At this time, acegi finds that the user has not logged on, the request will be forwarded (forwarded to the login page), but because Ajax is called at this time, the page will not jump, but will return the HTTP response code of 302, in this way, the browser will not respond, which is very unfriendly to users. Some simple processing can be done. After the session times out, when the user calls Ajax remotely, like other requests, the login page is returned.

First, in the acegi security configuration file (Spring configuration file), configure the/DWR/** path request to be accessible by anonymous users.

Secondly, to customize a dwrremoter, the implementation is roughly as follows:

Public class mydwrremoter extends defaultremoter {<br/> public replies execute (callcils) {<br/> httpsession session = webcontextfactory. get (). getsession (); <br/> isessioncontainer SC = (isessioncontainer) session. getattribute (<br/> isessioncontainer. session_container_key); </P> <p> // session check <br/> If (SC = NULL | SC. getuserinfo () = NULL) {<br/> logout (); <br/> return super.exe cute (New C All(); <br/>}else {<br/> iuserinfo userinfo = SC. getuserinfo (); <br/> If (! Securityfactory. getinstance (). isonline (<br/> userinfo. getuserid (), session. GETID () {<br/> logout (); <br/> return super.exe cute (New call ()); <br/>}< br/> return super.exe cute (CILS); <br/>}</P> <p> private void logout () {<br/> webcontext WCT = webcontextfactory. get (); <br/> util utilthis = new util (WCT. getscriptsession (); <br/> utilthis. addscript (New scriptbuffer ("logout ()"); <br/>}< br/>}Add the DWR parameter to the Web. xml file. The custom dwrremoter takes effect:

<Init-param> <br/> <param-Name> <br/> Org. directwebremoting. extend. remoter <br/> </param-Name> <br/> <param-value> COM. xxx. base. framework. web. mydwrremoter </param-value> <br/> </init-param>

 

Finally, write down the JavaScript function named logout on the JSP page, and return to the logon page.

 

The preceding three simple steps allow the system to exit the logon page smoothly if the session times out when DWR calls a remote method.