Spring-security.xml part of the code:
<httpAuto-config= "false" > <Access-denied-handlerref= "Accessdeniedhandler" /> <!--<form-login login-page= "/login.jsp" authentication-failure-url= "/login.jsp?login_error=1" default-target-u Rl= "/" always-use-default-target= "true"/> - <Http-basic/> <Custom-filterposition= "Concurrent_session_filter"ref= "Concurrencyfilter" /> <Custom-filterref= "Loginfilter"before= "Form_login_filter" /> <!--Replace the default logoutfilter <logout logout-success-url= "/login.jsp"/> - <Custom-filterref= "Yllogoutfilter"before= "Logout_filter" /> <Custom-filterref= "Logoutfilter"position= "Logout_filter" /> <Custom-filterref= "Carparklogoutfilter" After= "Logout_filter" /> <!--Add a custom customsecurityinterceptor before filter_security_interceptor to implement database management for users, roles, permissions, and resources. - <Custom-filterref= "Customsecurityinterceptor"before= "Filter_security_interceptor" /> <Remember-me/> <!--Session Management Configuration - <session-managementSession-authentication-strategy-ref= "Sessionauthenticationstrategy"Invalid-session-url= "/logon/commonsessionexpired.htm"/> </http> <Beans:beanID= "Concurrencyfilter"class= "Org.springframework.security.web.session.ConcurrentSessionFilter"> <Beans:propertyname= "Sessionregistry"ref= "Sessionregistry" /> <Beans:propertyname= "Expiredurl"value= "/logon/commonsessionexpired.htm" /> </Beans:bean>
Intercept expiration: Spring-mvc.xml here is mainly to play the window, do not play the window will not have to do the following
<mvc:interceptors> <!--blocked under a specific path - <Mvc:interceptor> <mvc:mappingPath= "/logon/commonsessionexpired.htm"/> <Beanclass= "Com.jevon.frame.security.SessionInterceptor"/> </Mvc:interceptor> </mvc:interceptors>
Interceptors: Sessioninterceptor, where you need to differentiate between AJAX requests, and ordinary requests, AJAX returns need to be converted to JSON format, here Returnresult use map instead.
Packagecom.jevon.frame.security;ImportJava.io.PrintWriter;Importjavax.servlet.http.HttpServletRequest;ImportJavax.servlet.http.HttpServletResponse;ImportOrg.springframework.web.servlet.ModelAndView;ImportOrg.springframework.web.servlet.handler.HandlerInterceptorAdapter;ImportCom.jevon.can.common.domain.ReturnResult;ImportNet.sf.json.JSONObject; Public classSessioninterceptorextendsHandlerinterceptoradapter {@Override Public BooleanPrehandle (httpservletrequest request, httpservletresponse response, Object handler)throwsException {request.setcharacterencoding ("UTF-8"); Response.setcharacterencoding ("UTF-8"); Response.setcontenttype ("Text/html;charset=utf-8"); /**String url = request.getservletpath (); if (URL! = null && url.contains ("/logon/expiredurl")) {return boolean.true; }**/ if(NULL= = Request.getsession (). getattribute ("Ses_currentuser")) { if(Isajax (Request)) {PrintWriter out=Response.getwriter (); Jsonobject Jsonobject= Jsonobject.fromobject (NewReturnresult ("page expires, please sign in again!") "," logout ",false)); Out.print (Jsonobject); Out.close (); }Else{PrintWriter out=Response.getwriter (); StringBuilder Builder=NewStringBuilder (); Builder.append ("<script type=\" text/javascript\ "charset=\" utf-8\ ">"); Builder.append ("Window.top.logoutAlert (\" page expires, please re-login!\ ");//alert (\ "page expires, please re-login!\") ;Builder.append ("</script>"); Out.print (Builder.tostring ()); Out.close (); } return false; } return true; } @Override Public voidPosthandle (httpservletrequest request, httpservletresponse response, Object handler, Modelandview Modeland View)throwsException {Super. Posthandle (Request, response, Handler, Modelandview); } @Override Public voidaftercompletion (httpservletrequest request, httpservletresponse response, Object handler, Exception ex)
throwsException {//TODO auto-generated Method Stub Super. Aftercompletion (Request, response, Handler, ex); } //determine if the AJAX request Public Static BooleanIsajax (HttpServletRequest request) {return"XMLHttpRequest". Equals (Request.getheader ("X-requested-with")); } }
Encapsulated Ajax.js return: Logout type is used here
LoadComplete:function(data) {if(Data.success = = =false) { if(Data.msgtype = = ' 1 ') {window.parent.location= $.getprojectname () + '/logon/commonquit.htm '; } if(Data.msgtype = = ' 2 ' &&data.msg) {$.messager.alert ("Warning", data.msg, "warning"); } if(Data.msgtype = = ' 3 ' &&data.msg) {$.messager.alert ("Errors", Data.msg, "error"); } if(Data.msgtype = = ' Logout ') {$.messager.alert ("Warning", data.msg, "info",function(r) {window.parent.location= $.getprojectname () + '/logon/expiredurl.htm '; }); } } }
Top-level JSP page: The Interceptor calls the method directly, and alert can use the style
<script> function logoutalert (msg) { $.messager.alert(function(r) { = $.getprojectname () + '/logon/expiredurl.htm '; }); </script>
Spring Security single account multi-place login reminder, Ajax blocker interceptor