1.在web.xml配置session超时的时间
<!-- Session timeout, in minutes.
     NOTE(review): 180 minutes keeps an unattended, logged-in session usable for
     three hours. Consider a shorter idle timeout where the application allows,
     since this value bounds how long an abandoned browser stays authenticated. -->
<session-config>
<session-timeout>180</session-timeout>
</session-config>
2.在此也贴出我的一个session工具类,方便获取登录成功之后session中的用户信息。
package com.wzxy.nc.util;
import com.opensymphony.xwork2.ActionContext;
import com.wzxy.nc.entity.SysUser;
/**
 * Static helpers for reading and writing the session map that Struts exposes
 * through {@link ActionContext}.
 *
 * <p>Every method goes through {@code ActionContext.getContext()}, so it is only
 * meaningful while a Struts request is being processed on the calling thread.
 */
public class HttpSessionUtil {

    /**
     * Returns the session attribute stored under {@code key}, cast to the caller's type.
     *
     * <p>The cast is unchecked: a value of a different type is only detected when
     * the caller uses the result, where it surfaces as a {@link ClassCastException}.
     *
     * @param key session attribute name
     * @param t   not read by this method; it only lets the caller fix {@code T}
     * @param <T> type the caller expects
     * @return the stored value, or {@code null} when the key is absent
     */
    @SuppressWarnings("unchecked")
    public static <T> T getObject(String key, T t) {
        Object stored = ActionContext.getContext().getSession().get(key);
        return (T) stored;
    }

    /**
     * Stores {@code value} in the current session under {@code key}.
     *
     * @param key   session attribute name
     * @param value object to store
     */
    public static void put(String key, Object value) {
        ActionContext context = ActionContext.getContext();
        context.getSession().put(key, value);
    }

    /**
     * Returns the user object that the login code placed in the session.
     *
     * @return the logged-in user, or {@code null} when the session holds none
     */
    public static SysUser getCurrentUser() {
        // SysConstant.LOGIN_USER is a String: the session key under which the
        // user object is stored after a successful login.
        Object loginUser = ActionContext.getContext().getSession().get(SysConstant.LOGIN_USER);
        return (SysUser) loginUser;
    }
}
3.编写一个拦截器的类,实现拦截的逻辑
package com.wzxy.nc.interceptor;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.wzxy.nc.entity.SysUser;
import com.wzxy.nc.util.HttpSessionUtil;
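/**
 * Struts 2 interceptor that lets a request reach its action only when the
 * caller presents a valid session that holds a logged-in user. Every other
 * request receives the {@code "relogin"} result.
 *
 * <p>The login and logout entry points are recognised by the method that Struts
 * resolved for the invocation, compared exactly. A substring test on the request
 * URL is not a safe way to decide this: the URL covers scheme, host and path, so
 * any request whose URL merely contains "login" or "logout" (a host name, a
 * controller name such as {@code LoginLog}, any client-chosen path text) would
 * skip the session check.
 */
public class LoginInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 7860956813431996758L;
    private static final Logger logger = LoggerFactory.getLogger(LoginInterceptor.class);

    /**
     * Applies the no-cache headers, then either invokes the action or returns
     * {@code "relogin"}.
     *
     * @param ai the invocation being intercepted
     * @return the action's own result code, or {@code "relogin"} when the session
     *         is invalid or holds no user
     * @throws Exception whatever the rest of the interceptor chain or the action throws
     */
    @Override
    public String intercept(ActionInvocation ai) throws Exception {
        logger.info("************** 登陆拦截器 **************");

        HttpServletResponse response = ServletActionContext.getResponse();
        response.setHeader("Pragma", "No-cache");
        // setHeader() replaces any earlier value, so both directives must go into
        // one header; two separate calls leave only the last directive in effect.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setDateHeader("Expires", 0);

        // Login and logout must be reachable without a session.
        if (isPublicAction(ai)) {
            return ai.invoke();
        }

        // The session id sent by the client is missing, expired or invalidated:
        // send the caller to the re-login page.
        if (!ServletActionContext.getRequest().isRequestedSessionIdValid()) {
            return "relogin";
        }

        // A valid session without a user object means the caller never logged in.
        SysUser user = HttpSessionUtil.getCurrentUser();
        if (user == null) {
            logger.info("尚未登录");
            return "relogin";
        }

        return ai.invoke();
    }

    /**
     * Tells whether the invocation targets an entry point that must stay
     * reachable without authentication.
     *
     * <p>NOTE(review): this assumes the login and logout entry points are methods
     * named exactly {@code login} and {@code logout}. Confirm against the
     * controllers and list any other unauthenticated method explicitly. If only
     * one controller may be reached without a session, also compare
     * {@code ai.getProxy().getActionName()} with that exact action name.
     */
    private static boolean isPublicAction(ActionInvocation ai) {
        String method = ai.getProxy().getMethod();
        return "login".equals(method) || "logout".equals(method);
    }
}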
4.在struts2配置一下这个拦截器并运行项目测试
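<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
    <package name="default" namespace="/" extends="json-default,struts-default">
        <interceptors>
            <interceptor name="loginInterceptor" class="com.wzxy.nc.interceptor.LoginInterceptor"/>
            <!-- The login check runs first, so an unauthenticated request is
                 rejected before the default stack does any parameter binding. -->
            <interceptor-stack name="loginStack">
                <interceptor-ref name="loginInterceptor" />
                <interceptor-ref name="defaultStack" />
            </interceptor-stack>
        </interceptors>
        <global-results>
            <!-- Result returned by LoginInterceptor when the session is invalid
                 or holds no user. -->
            <result name="relogin" type="redirect">/login.jsp</result>
        </global-results>
        <!-- Wildcard mapping: {1} selects the controller class and {2} the method.
             Every public method of every *Controller class in that package is
             therefore addressable by URL. Keep non-endpoint methods non-public,
             or switch to explicit per-action mappings. -->
        <action name="*_*" method="{2}" class="com.wzxy.nc.controller.{1}Controller">
            <!-- NOTE(review): ${forwardPage} is read from the action. If the action
                 exposes a public setter for it, a request parameter can choose the
                 forward or redirect target. Set it only in server-side code, or
                 validate it against a fixed list, especially for "redt". -->
            <result name="success">${forwardPage}</result>
            <result name="error">${forwardPage}</result>
            <result name="redt" type="redirect">${forwardPage}</result>
            <result name="download" type="stream">
                <!-- MIME type of the downloaded file -->
                <param name="contentType">application/octet-stream</param>
                <!-- Name of the action property that supplies the file's InputStream -->
                <param name="inputName">fileInputStream</param>
                <!-- The disposition type is spelled "attachment", and the file name
                     is quoted so that names containing spaces survive.
                     NOTE(review): make sure downFileName cannot carry CR/LF or
                     quote characters taken from user input. -->
                <param name="contentDisposition">attachment;filename="${downFileName}"</param>
                <!-- Buffer size used while streaming the file -->
                <param name="bufferSize">4096</param>
            </result>
            <result name="json" type="json">
                <param name="root">dataMap</param>
            </result>
            <!-- Declaring an interceptor-ref on the action replaces the package
                 default stack, so loginStack must contain defaultStack (it does). -->
            <interceptor-ref name="loginStack" />
        </action>
    </package>
</struts>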
5.需要注意的是,如果页面嵌套在iframe或者frameset中,需要在登录页面写上这一段js,这样可以跳出整个iframe。
<script language="javascript">
// When the login page is rendered inside a frame (for example after a session
// timeout inside an iframe), reload it in the top-level window so that the
// whole page shows the login form.
// This is a navigation convenience only. To stop other sites from framing the
// application, send X-Frame-Options or a CSP frame-ancestors response header.
if (window.self !== window.top) {
    window.top.location.href = window.location.href;
}
</script>