在web.xml中配置过滤器
<!-- Declare the session filter; the class named here must match the compiled filter class exactly. -->
<filter>
    <filter-name>sessionFilter</filter-name>
    <filter-class>com.web.filter.SessionFilter</filter-class>
</filter>
<!-- "/*" routes every request path through sessionFilter; which paths receive session handling is decided inside the filter class. -->
<filter-mapping>
    <filter-name>sessionFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
sessionFilter:
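/**
 * Servlet filter that keeps the local HTTP session in step with the login record stored in Redis.
 *
 * <p>For URIs ending in "/" it redirects to the home or login page depending on whether a
 * login is present in the session. For URIs containing "/app/" it runs {@link #setCookie}
 * before continuing the chain. Every other request is passed through untouched.
 *
 * <p>NOTE(review): apart from the "/" redirect, this filter never rejects a request; it only
 * synchronises session state. Access control for "/app/" has to be enforced further down the
 * chain (not visible in this class) - confirm it exists.
 */
public class SessionFilter extends OncePerRequestFilter {

    /** Shared JSON parser; Gson instances are thread-safe, so one per class is enough. */
    private static final Gson GSON = new Gson();

    /**
     * Routes the request: redirect for "/" URIs, session sync for "/app/" URIs, pass-through otherwise.
     *
     * @param request     current request
     * @param response    current response
     * @param filterChain remaining filter chain
     * @throws ServletException declared by the overridden method
     * @throws IOException      if the error status cannot be written after a failure
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            String uri = request.getRequestURI();
            if (uri.endsWith("/")) {
                if (null != AuthUtil.getSessionUserAuth(request)) {
                    // A login is present in the session: go to the home page.
                    response.sendRedirect("home.htm");
                } else {
                    // Not logged in: go to the login page. Relative target, like the home.htm
                    // redirect, so the Location is not assembled from getRequestURL(), whose
                    // scheme and host reflect the request as received (Host header, proxy hop).
                    response.sendRedirect("login.htm");
                }
            } else if (uri.contains("/app/")) {
                // NOTE(review): this is a substring match on the undecoded request URI, so
                // whether a controller request gets the sync depends on how its URL is
                // spelled; matching on the servlet path would be stricter - confirm intent.
                setCookie(request, response);
                filterChain.doFilter(request, response);
            } else {
                filterChain.doFilter(request, response);
            }
        } catch (Exception e) {
            logger.error("PassengerFlowCounting filter error", e);
            // Surface the failure instead of returning an empty success response, so that
            // clients and monitoring see that the request was not processed.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Issues the session-id cookie when it is missing; otherwise reconciles the local session
     * with the login record stored in Redis under {@code AuthUtil.SESS_PREFIX + cookieValue}.
     *
     * <p>NOTE(review): the id is issued here before any login and is reused afterwards.
     * Confirm that the login path (not visible here) rotates it, and that
     * {@code CookieUtil.setCookie} marks the cookie HttpOnly and Secure.
     *
     * @param request  current request
     * @param response current response
     */
    protected void setCookie(HttpServletRequest request, HttpServletResponse response) {
        String cookieValue = CookieUtil.getCookieValue(request, AuthUtil.COOKIEID);
        if (StringUtils.isEmpty(cookieValue)) {
            // First contact: hand out a fresh id. The -1 is presumably the cookie max-age
            // (browser-session lifetime) - confirm against CookieUtil.
            cookieValue = CookieUtil.getUuid32();
            CookieUtil.setCookie(request, response, AuthUtil.COOKIEID, cookieValue, -1);
            return;
        }

        // Look the id up in Redis to decide whether this browser is logged in.
        String redisKey = AuthUtil.SESS_PREFIX + cookieValue;
        String sessionValue = RedisUtils.getInstance().get(redisKey);
        UserLoginInfoVO sessionUserAuth = AuthUtil.getSessionUserAuth(request);

        UserLoginInfoVO parseObject = null;
        if (null != sessionValue) {
            parseObject = GSON.fromJson(sessionValue, UserLoginInfoVO.class);
        }

        // No Redis record, or one that carries no usable identity: treat the browser as
        // logged out and drop any login still cached in the local session. Previously an
        // empty or incomplete record caused a NullPointerException further down.
        if (null == parseObject || null == parseObject.getUsrCd()) {
            if (null != sessionUserAuth) {
                AuthUtil.removeSessionUserAuth(request);
            }
            return;
        }

        // Adopt the Redis record when the local session has no login (request landed on a
        // different server), holds a different user (another account logged in from the same
        // browser), or holds an older record (same user logged in again, e.g. after a
        // permission change made on another server).
        boolean localMissing = null == sessionUserAuth;
        if (localMissing
                || !parseObject.getUsrCd().equals(sessionUserAuth.getUsrCd())
                || parseObject.getCurrentDateTime() > sessionUserAuth.getCurrentDateTime()) {
            AuthUtil.setSessionAccountAuth(request, parseObject);
        }

        // Sliding expiry: push the Redis timeout out again on every synchronised request.
        RedisUtils.getInstance().expire(redisKey, AuthUtil.getMaxInactiveInterval(request));
    }
}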