我在 web.xml 文件里面配置了 session 过期时间,过期以后会弹出一个新的登录页面,但是它会显示在第一次的页面里面。
web.xml:<?xml version="1.0" encoding="UTF-8"?>
SJConsole
contextConfigLocation
/WEB-INF/spring/db/applicationContext-hibernate.xml,
/WEB-INF/spring/proxy/system.xml,
/WEB-INF/spring/proxy/base.xml,
/WEB-INF/spring/proxy/mchnt.xml,
/WEB-INF/spring/proxy/pos.xml,
/WEB-INF/spring/proxy/risk.xml,
/WEB-INF/spring/proxy/error.xml,
/WEB-INF/spring/proxy/settle.xml,
/WEB-INF/spring/proxy/mchtSrv.xml,
/WEB-INF/spring/proxy/rout.xml,
/WEB-INF/spring/proxy/epos.xml
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
com.huateng.startup.listener.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
com.huateng.startup.listener.SystemListener
</listener-class>
</listener>
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>
org.directwebremoting.servlet.DwrServlet
</servlet-class>
<!-- NOTE(review): debug=true enables DWR's debug/test pages, which describe the remoted
     classes and their methods. This is a development setting; use false in a deployed system. -->
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>scriptCompressed</param-name>
<param-value>true</param-value>
</init-param>
<!-- NOTE(review): crossDomainSessionSecurity=false turns off DWR's built-in cross-site request
     forgery check for remoted calls. Leave it at the default (true) unless another CSRF control
     is confirmed to cover /dwr/*. -->
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
<servlet>
<description>PrintImage</description>
<display-name>PrintImage</display-name>
<servlet-name>PrintImage</servlet-name>
<servlet-class>com.huateng.system.util.PrintImage</servlet-class>
</servlet>
<listener>
<listener-class>
com.huateng.startup.listener.MyServerListener
</listener-class>
</listener>
<filter>
<filter-name>EncodeFilter</filter-name>
<filter-class>
com.huateng.system.util.EncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>ignore</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 统一认证
SAMLAuthFilter
samlsso.servlet.SAMLAuthFilter
redirectURL
http://idp.uat.spdb.com
token-type
SAML.Assertion
realm-name
myrealm
SAMLAuthFilter
*.jsp
-->
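<listener>
<listener-class>
com.huateng.system.util.SessionListener
</listener-class>
</listener>
<filter>
<filter-name>RoleFilter</filter-name>
<filter-class>
com.huateng.system.util.RoleFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>RoleFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>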
<!-- SysFilter is applied to requests whose path matches *.jsp, the same pattern listed for
     RoleFilter. Requests that match only the struts2 filter (/*) or the DWR servlet (/dwr/*)
     do not pass through either of them.
     NOTE(review): confirm that those endpoints enforce login and role checks on their own. -->
<filter>
<filter-name>SysFilter</filter-name>
<filter-class>
com.huateng.system.util.SysFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>SysFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!-- HTTP 404 responses are rendered with the application's own error page. -->
<error-page>
<error-code>404</error-code>
<location>/page/system/error404.jsp</location>
</error-page>
<!-- An uncaught NullPointerException is rendered with the same page as a 404, so no stack
     trace reaches the browser.
     NOTE(review): this also makes server faults look like missing pages; make sure the
     exception is still written to the server log so it can be investigated. -->
<error-page>
<exception-type>java.lang.NullPointerException</exception-type>
<location>/page/system/error404.jsp</location>
</error-page>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>PrintImage</servlet-name>
<url-pattern>/PrintImage</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>/page/system/login.jsp</welcome-file>
</welcome-file-list>
<!-- session-timeout is expressed in minutes: a session idle for 30 minutes is invalidated.
     NOTE(review): the descriptor version is not visible on this page; on a Servlet 3.0+
     container a <cookie-config> with <http-only> and <secure> can be added here to restrict
     how the session cookie is exposed. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- Blocks the Struts web console page. No <http-method> is listed, so the constraint applies
     to every HTTP method, and the empty <auth-constraint/> permits no role, so the container
     refuses every request for this URL. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>OGNLconsole</web-resource-name>
<!-- access denied -->
<url-pattern>/struts/webconsole.html</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
过滤器代码:
/* @(#)
*
- Project:PFConsole *
- Modify Information:
- =============================================================================
- Author Date Description
- ------------ ---------- ---------------------------------------------------
- PanShuang 2011-9-16 first release * *
- Copyright Notice:
- =============================================================================
- Copyright 2011 Huateng Software, Inc. All rights reserved. *
- This software is the confidential and proprietary information of
- Shanghai HUATENG Software Co., Ltd. ("Confidential Information").
- You shall not disclose such Confidential Information and shall use it
- only in accordance with the terms of the license agreement you entered
- into with Huateng. *
- Warning:
- ============================================================================= * */ package com.huateng.system.util;
import java.io.IOException;
import java.util.HashSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import com.huateng.common.Constants;
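/**
 * Servlet filter that gates page requests on the permission set stored in the user's session.
 *
 * <p>The request URL is mapped to a resource id by {@code CommonFunction.urlToRoleId}. Ids of the
 * form {@code T<digits>} are treated as protected: the five characters after the {@code T} must be
 * present in the {@code Constants.USER_AUTH_SET} session attribute, otherwise the client is
 * redirected to {@code /redirect.asp}. Any other id is passed down the chain unchecked.
 *
 * <p>NOTE(review): the web.xml shown with this class appears to map the filter to {@code *.jsp}
 * only, so requests that do not end in {@code .jsp} never reach this check. Confirm that such
 * endpoints are authorized elsewhere.
 *
 * @version 1.0
 */
public class RoleFilter implements Filter {

    private static final Logger log = Logger.getLogger(RoleFilter.class);

    /** Path, relative to the context root, that rejected requests are redirected to. */
    private static final String DENIED_PAGE = "/redirect.asp";

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Allows the request through only if it is unprotected or the session grants access to it.
     *
     * <p>Every rejection returns immediately after the redirect. Without that, a request rejected
     * by the Referer check would still fall through to the permission check and could reach the
     * target page (or trigger a second redirect on an already committed response).
     *
     * @param arg0 the incoming request; cast to {@link HttpServletRequest}
     * @param arg1 the outgoing response; cast to {@link HttpServletResponse}
     * @param arg2 the remainder of the filter chain
     * @throws IOException if the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;

        String url = request.getRequestURL().toString();
        // NOTE(review): urlToRoleId is defined elsewhere; if it can return null the next line
        // throws NullPointerException. Confirm its contract.
        String res = CommonFunction.urlToRoleId(url);

        // Only ids of the form T<digits> are protected; everything else passes straight through.
        if (!res.matches("T\\d+$")) {
            arg2.doFilter(request, response);
            return;
        }

        // 1. Request origin. A request without a Referer header is accepted only for sub-pages
        //    (opened with window.open()). The header is supplied by the client and can be set or
        //    omitted at will, so this is a navigation heuristic, not an access control; the
        //    session check in step 2 is what actually authorizes the request.
        if (null == request.getHeader("referer") && !isSubPage(res)) {
            log.info("illegal access(referer)!");
            deny(request, response);
            return;
        }

        // 2. Authorization. Fail closed on ids too short to carry the five-character resource
        //    code instead of letting substring() throw.
        if (res.length() < 6) {
            log.info("illegal access!");
            deny(request, response);
            return;
        }

        // getSession(false): do not create a fresh session for a request that has none (never
        // logged in, or the session timed out); such a request is simply rejected below.
        HttpSession session = request.getSession(false);
        @SuppressWarnings("unchecked")
        HashSet<String> set = session == null
                ? null
                : (HashSet<String>) session.getAttribute(Constants.USER_AUTH_SET);

        if (set == null || !set.contains(res.substring(1, 6))) {
            log.info("illegal access!");
            deny(request, response);
            return;
        }

        arg2.doFilter(request, response);
    }

    /** No configuration is read. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Tells whether a protected id denotes a sub-page, which this system defines as the page id
     * followed by two digits (eight characters in total).
     */
    private static boolean isSubPage(String res) {
        return res.length() == 8 && res.substring(6, 8).matches("[0-9]{2}$");
    }

    /** Redirects the client to the rejection page under the current context path. */
    private static void deny(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.sendRedirect(request.getContextPath() + DENIED_PAGE);
    }
}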