1. Configure the timeout time of session in web.xml
<! -- configure session timeout in minutes -- > <session-config> <session-timeout>180</session-timeout> </session-config>
2. I also post a session tool class here to facilitate obtaining the user information in the session after the successful login.
package com.wzxy.nc.util; import com.opensymphony.xwork2.ActionContext; import com.wzxy.nc.entity.SysUser; public class HttpSessionUtil{ @SuppressWarnings("unchecked") public static <T> T getObject(String key,T t){ return (T)ActionContext.getContext().getSession().get(key); } public static void put(String key,Object value){ ActionContext.getContext().getSession().put(key, value); } public static SysUser getCurrentUser(){ // Sysconstant.login'user is a string, that is, the key where you put the session user information return (SysUser) ActionContext.getContext().getSession().get(SysConstant.LOGIN_USER); } }
- Write an interceptor class to implement the intercepting logic
package com.wzxy.nc.interceptor; import javax.servlet.http.HttpServletResponse; import org.apache.struts2.ServletActionContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; import com.wzxy.nc.entity.SysUser; import com.wzxy.nc.util.HttpSessionUtil; public class LoginInterceptor extends AbstractInterceptor { private static final long serialVersionUID = 7860956813431996758L; private static final Logger logger = LoggerFactory.getLogger(LoginInterceptor.class); @Override public String intercept(ActionInvocation ai) throws Exception { logger.info("************** Landing interceptor **************"); // Get the requested URL String url = ServletActionContext.getRequest().getRequestURL().toString(); HttpServletResponse response = ServletActionContext.getResponse(); response.setHeader("Pragma", "No-cache"); response.setHeader("Cache-Control", "no-cache"); response.setHeader("Cache-Control", "no-store"); response.setDateHeader("Expires", 0); SysUser user = null; // Direct release of login and logout requests without interception if (url.indexOf("login") != -1 || url.indexOf("logout") != -1) { return ai.invoke(); } else { // Verify that the Session expires if (!ServletActionContext.getRequest().isRequestedSessionIdValid()) { // Session expiration, turn to session expiration prompt page, and finally jump to login page return "relogin"; } else { user = HttpSessionUtil.getCurrentUser(); // Verify that you are logged in if (user == null) { logger.info("Not yet logged in"); // Not logged in, jump to login page return "relogin"; } else { return ai.invoke(); } } } } }
4. Configure the interceptor in struts 2 and run the project test
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd"> <struts> <package name="default" namespace="/" extends="json-default,struts-default"> <interceptors> <interceptor name="loginInterceptor" class="com.wzxy.nc.interceptor.LoginInterceptor"/> <interceptor-stack name="loginStack"> <interceptor-ref name="loginInterceptor" /> <interceptor-ref name="defaultStack" /> </interceptor-stack> </interceptors> <global-results> <result name="relogin" type="redirect">/login.jsp</result> </global-results> <action name="*_*" method="{2}" class="com.wzxy.nc.controller.{1}Controller"> <result name="success">${forwardPage}</result> <result name="error">${forwardPage}</result> <result name="redt" type="redirect">${forwardPage}</result> <result name="download" type="stream"> <!-- Specify the type of download file --> <param name="contentType">application/octet-stream</param> <!-- Specify where to download files --> <param name="inputName">fileInputStream</param> <param name="contentDisposition">attachement;filename=${downFileName}</param> <!-- Specifies the buffer size of the download file --> <param name="bufferSize">4096</param> </result> <result name="json" type="json"> <param name="root">dataMap</param> </result> <interceptor-ref name="loginStack" /> </action> </package> </struts>
5. It should be noted that if the page is nested in iframe or frameset, you can write this section of js on the landing page, so that you can jump out of the whole iframe.
<script language="javascript"> if(window !=top){ top.location.href=location.href; } </script>