The page jumps to the login page after the Spring Security session expires

Recently, while developing a government affairs project whose framework uses Spring Security, I ran into a problem: getting the page to jump to the login page after the session expires.

There are two cases here.

The first case: ordinary requests, such as form submissions and redirects.

The spring-security.xml configuration is as follows:

<session-management invalid-session-url="http://172.31.60.117:8088/mslogin/view/login.jsp"
                    session-fixation-protection="newSession">
    <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>

 The web.xml configuration is as follows:

<listener>
	 <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
     

With this configuration, ordinary requests made after the session has expired are intercepted and redirected to the login page. Later testing, however, showed that ajax requests were not redirected to the login page: after the ajax request was sent, no data came back, but the page did not jump either. So the code was changed to the following, which supports interception of both ordinary requests and ajax requests.

spring-security.xml is configured as follows:

<session-management invalid-session-url="/public/invalidate"
session-fixation-protection="newSession" >
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>

Here /public/invalidate is a Controller request path. Create the Controller:

package com.jointem.ngcms.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @Title: InvalidateSession
 * @Description:
 * @Author: bql
 * @Date: April 20, 2016
 * @Version: v1.0.0
 * @Copyright: 2016 www.jointem.com Inc. All rights reserved.
 * @Update: 1. Create File
 */
@Controller
public class InvalidateSession
{
    /**
     * This url gets invoked when spring security invalidates session (ie timeout).
     * Specific content indicates ui layer that session has been invalidated and page should be redirected to logout.
     */
    @RequestMapping(value = "/public/invalidate")
    @ResponseBody
    public String invalidateSession(HttpServletRequest request, HttpServletResponse response) {
        // jQuery sets X-Requested-With: XMLHttpRequest on its ajax calls
        String ajaxHeader = request.getHeader("X-Requested-With");
        boolean isAjax = "XMLHttpRequest".equals(ajaxHeader);
        if (isAjax) {
            // An ajax caller cannot be redirected by the server, so return a marker string for the front end
            return "invalidSession";
        } else {
            try {
                // Ordinary request: redirect the browser to the login page
                response.sendRedirect("http://172.31.60.117:8088/mslogin/view/login.jsp");
            } catch (IOException e) {
                // The redirect could not be written to the response
                e.printStackTrace();
            }
        }
        return "";
    }
}

Note that the following lines of code determine whether the request is an ajax request:

String ajaxHeader = request.getHeader("X-Requested-With");
boolean isAjax = "XMLHttpRequest".equals(ajaxHeader);

If it is an ajax request, the controller returns the string invalidSession. Add the following code to the front-end js to check the value returned by the back end:

// Global ajax handling: deal with session timeout on ajax requests
$.ajaxSetup({
    complete: function(xhr, status) {
        if (xhr.responseText == 'invalidSession') {
            window.location = "http://172.31.60.117:8088/mslogin/view/login.jsp";
        }
    }
});

$.ajaxSetup monitors ajax requests globally. When the back end returns invalidSession, the page can be redirected wherever you need.
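
The front-end check described above, restructured so it can be exercised with constructed xhr objects (an added example, not the original author's code). It goes slightly beyond the snippet on this page: the trimmed body must equal the marker exactly, and only one redirect is issued when several ajax calls complete after the session expires. The names isSessionExpired and makeCompleteHandler and the injected navigate/currentUrl callbacks are assumptions of this example.

```javascript
// Added example, not the original author's code. Helper names are assumptions.
var SESSION_MARKER = 'invalidSession'; // body returned by /public/invalidate
var LOGIN_URL = 'http://172.31.60.117:8088/mslogin/view/login.jsp'; // URL used on this page

// True only when the whole response body is the marker. Non-text responses
// (no string responseText) and bodies that merely contain the word are ignored.
function isSessionExpired(xhr) {
  if (!xhr || typeof xhr.responseText !== 'string') {
    return false;
  }
  return xhr.responseText.trim() === SESSION_MARKER;
}

// Builds the "complete" callback. navigate(url) and currentUrl() are injected
// so the logic can be tested without a browser.
function makeCompleteHandler(navigate, currentUrl) {
  var redirected = false;
  return function complete(xhr) {
    if (redirected || !isSessionExpired(xhr)) {
      return false;
    }
    // Already on the login page: redirecting again would loop.
    if (currentUrl().indexOf(LOGIN_URL) === 0) {
      return false;
    }
    redirected = true; // several pending ajax calls may all see the marker
    navigate(LOGIN_URL);
    return true;
  };
}

// Browser wiring; skipped when there is no window or jQuery (e.g. under Node).
if (typeof window !== 'undefined' && window.jQuery) {
  window.jQuery.ajaxSetup({
    complete: makeCompleteHandler(
      function (url) { window.location.href = url; },
      function () { return window.location.href; }
    )
  });
}
```
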

 

 

 

After searching on Google for a long time, the problem was not solved in the end, so I transformed it into the code provided above, hoping to help friends who have the same problem as me.

 
