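Preface
In project work we often run into the following situation. After an account logs in, the user may leave the system idle for a long time. If the user then tries to operate it again, the system should tell them that the login has timed out and redirect to the login page so they can re-enter the password. In addition, if an account is logged in at location A and the same account then logs in at location B at the same time, the user should also be notified promptly. These features all exist to protect the user's account. Below I share the implementation for reference.
Login expiration prompt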
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.stereotype.Repository;
import org.springframework.web.filter.OncePerRequestFilter;

@Repository
public class SessionFilterTest extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        // URI fragments that are not filtered
        String[] notFilter = new String[]{"login.html", ".html", ".ico", ".css", ".js", ".png", ".gif", ".jpg",
                ".jsp", "api/"};
        String uri = request.getRequestURI();
        // Decide whether the requested URL is filtered
        boolean doFilter = true;
        for (String s : notFilter) {
            if (uri.indexOf(s) != -1) {
                doFilter = false; // the URI contains an unfiltered fragment, so skip the check
                break;
            }
        }
        if (doFilter) {
            // getSession(false): do not create a new session just to find it empty
            HttpSession session = request.getSession(false);
            TAdmUser userInfo = session == null ? null : (TAdmUser) session.getAttribute("CURRENTUSER");
            // No user in the session means the login has timed out
            if (null == userInfo) {
                response.setCharacterEncoding("UTF-8");
                // sendError commits the response; a sendRedirect("login.html") after it
                // would throw IllegalStateException, so only the 401 is sent here
                response.sendError(401, "您已经太长时间没有操作,请刷新页面");
                return;
            } else {
                filterChain.doFilter(request, response);
            }
        } else {
            filterChain.doFilter(request, response);
        }
    }
}
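The filter above decides which requests skip the session check with uri.indexOf, so any URI that merely contains one of the listed strings is skipped. The following is an added example, not code from the original post: it compares that test with a stricter one. The class name, method names and sample URIs are constructed, and the application is assumed to be deployed at the context root.

```java
import java.util.Arrays;
import java.util.List;

public class ExcludedPathDemo {
    // Same intent as notFilter above: static resources, HTML pages and the api/ prefix.
    private static final List<String> STATIC_EXT =
            Arrays.asList(".html", ".ico", ".css", ".js", ".png", ".gif", ".jpg", ".jsp");
    private static final String API_PREFIX = "/api/"; // assumption: no context path

    /** The post's test: excluded if the URI contains any entry anywhere. */
    static boolean substringExcluded(String uri) {
        for (String s : STATIC_EXT) {
            if (uri.indexOf(s) != -1) {
                return true;
            }
        }
        return uri.indexOf("api/") != -1;
    }

    /** Stricter test: the extension must end the last segment, api/ must start the path. */
    static boolean strictExcluded(String uri) {
        // getRequestURI() keeps ";name=value" path parameters; drop them before matching
        String path = uri.replaceAll(";[^/]*", "");
        if (path.startsWith(API_PREFIX)) {
            return true;
        }
        String last = path.substring(path.lastIndexOf('/') + 1);
        int dot = last.lastIndexOf('.');
        return dot >= 0 && STATIC_EXT.contains(last.substring(dot));
    }

    public static void main(String[] args) {
        // Constructed sample URIs, not taken from the original post
        String[] samples = {
            "/login.html",            // login page
            "/static/app.js",         // static script
            "/api/orders",            // api/ prefix
            "/admin/users.json",      // ".json" contains ".js"
            "/admin/openapi/export",  // "openapi/" contains "api/"
            "/admin/user/list"        // ordinary protected action
        };
        for (String uri : samples) {
            System.out.printf("%-24s substring=%-5b strict=%b%n",
                    uri, substringExcluded(uri), strictExcluded(uri));
        }
    }
}
```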
Login-from-another-location prompt
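import java.io.IOException;
import java.io.PrintWriter;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Repository;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Repository
public class SessionInterceptorTest extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String uri = request.getRequestURI();
        if (uri.indexOf(".html") != -1 && uri.indexOf("login.html") == -1) {
            String sessionId = request.getSession().getId();
            TAdmUser user = (TAdmUser) request.getSession().getAttribute("CURRENTUSER");
            // No logged-in user on this session: nothing to compare, avoid a NullPointerException
            if (user == null) {
                return true;
            }
            String userId = user.getPkId().toString();
            Map<String, LinkedHashMap<String, String>> sessionIdStore = SessionStore.getSessionIdStore();
            LinkedHashMap<String, String> currentSessionIdStore = sessionIdStore.get(userId);
            // If the account is logged in from another location, userId already maps to at least one sessionId
            if (!"1".equals(currentSessionIdStore.get(sessionId))) {
                // Store the current sessionId and mark it as valid; leaving it unmarked
                // would instead prevent the account from logging in from the other location
                currentSessionIdStore.put(sessionId, "1");
                returnJson(response, "您的帐户在其它地方登陆,请确认帐户是否被盗!如果确定本人操作,请刷新页面!");
                return false;
            } else {
                return true;
            }
        } else {
            return true;
        }
    }

    // Writes the message to the response body as UTF-8 text
    private void returnJson(ServletResponse response, String json) throws Exception {
        PrintWriter writer = null;
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/html; charset=utf-8");
        try {
            writer = response.getWriter();
            writer.print(json);
        } catch (IOException e) {
            // ignored: the response can no longer be written to
        } finally {
            if (writer != null)
                writer.close();
        }
    }
}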
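Differences between interceptors and filters
- An interceptor (Interceptor) only applies to action requests, that is, the services provided by a Controller; a filter (Filter) can apply to almost all requests, including static resource files such as css and js
- An interceptor (Interceptor) runs between the Servlet and the Controller, whereas a filter (Filter) runs after the request has entered the Tomcat container but before it reaches the Servlet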

URL processing flow
A little knowledge every day, a little progress every day!