会话过期后,Spring MVC会将用户重定向到登录页面

时间:2014-04-21 10:45:02

标签: java spring spring-mvc session-variables session-timeout

我在会话中将用户bean存储为@SessionAttributes({"UserBean"})

我的目标是在会话过期时将用户重定向到登录/错误页面。以下是我的代码段

@RequestMapping(value = "searchOpportunity.htm", method = RequestMethod.GET)
public ModelAndView searchOpportunity(@ModelAttribute("UserBean") UserBean userBean) {
    functionName = "searchOpportunity";
    logger.info("HERE !!! In " + className + " - " + functionName + " ");
    System.out.println("HERE !!! In " + className + " - " + functionName + " ");
    try {
        if (userBean == null) {
            System.out.println(userBean);
            return new ModelAndView("userLogout", "command", null);
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return new ModelAndView("opportunity/opportunitySearch", "command", new SearchOpportunityBean());
}

但是,当会话过期时,我收到以下错误。

org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet mintDispatcher threw exception
org.springframework.web.HttpSessionRequiredException: Session attribute 'UserBean' required - not found in session
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter$ServletHandlerMethodInvoker.raiseSessionRequiredException(AnnotationMethodHandlerAdapter.java:761)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolveModelAttribute(HandlerMethodInvoker.java:758)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolveHandlerArguments(HandlerMethodInvoker.java:356)
    at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:171)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:436)
    at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:424)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Unknown Source)

似乎如果userbean过期,则永远不会执行控制器代码。是什么原因 ? 什么可以解决?

2 个答案:

答案 0 :(得分:2)

为什么不尝试使用Spring Security?

<sec:session-management invalid-session-url="/login">
        <sec:concurrency-control expired-url="/login" />
</sec:session-management>

当用户的会话过期或无效时,这将重定向到/ login页面。

参考:http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity.html

答案 1 :(得分:0)

你可以在HandlerInterceptorAdapter的帮助下完成。如果执行链应继续执行下一个拦截器或处理程序(您的控制器)本身,则preHandle()方法应该返回true。否则,DispatcherServlet假定这个拦截器已经处理了响应本身。

    public class YourInterceptor extends HandlerInterceptorAdapter {
        public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
            UserBean userBean = (UserBean) WebUtils.getSessionAttribute(request, "UserBean");
            if(userBean == null){
                //whatever you want to do
                return throw new ModelAndViewDefiningException(new ModelAndView("userLogout", "command", null));
            }else{
                return true;
            }
        }
    }

并在处理程序映射定义中将此拦截器指定为:

    <bean id="yourInterceptor" class="package.YourInterceptor"/>
    <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
            <property name="order" value="1" />
            <property name="interceptors">
                <list>
                    <ref bean="yourInterceptor" />
                </list>
            </property>
            <property name="mappings">
                <props>
                    <prop key="/searchOpportunity.htm">YourController</prop>    
                </props>
            </property>
        </bean>
相关问题
最新问题