解决ajax请求session超时不跳转页面的问题

7a92ee98 · stylefeng · fa72470f · 7a92ee98 · 7a92ee98 · 7a92ee98
Commit 7a92ee98 authored Jan 31, 2018 by stylefeng
5 changed files
--- a/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java
+++ b/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java
 package com.stylefeng.guns.config.web;
 import com.stylefeng.guns.config.properties.GunsProperties;
+import com.stylefeng.guns.core.intercept.GunsUserFilter;
 import com.stylefeng.guns.core.shiro.ShiroDbRealm;
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.ehcache.EhCacheManager;
@@ -22,6 +23,8 @@ import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import javax.servlet.Filter;
+import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -135,6 +138,14 @@ public class ShiroConfig {
         * 没有权限跳转的url
         */
        shiroFilter.setUnauthorizedUrl("/global/error");
+        /**
+         * 覆盖默认的user拦截器(默认拦截器解决不了ajax请求 session超时的问题,若有更好的办法请及时反馈作者)
+         */
+        HashMap<String, Filter> myFilters = new HashMap<>();
+        myFilters.put("user", new GunsUserFilter());
+        shiroFilter.setFilters(myFilters);
        /**
         * 配置shiro拦截器链
         *

--- a/guns-admin/src/main/java/com/stylefeng/guns/core/aop/GlobalExceptionHandler.java
+++ b/guns-admin/src/main/java/com/stylefeng/guns/core/aop/GlobalExceptionHandler.java
@@ -14,6 +14,7 @@ import org.apache.shiro.session.InvalidSessionException;
 import org.apache.shiro.session.UnknownSessionException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.ControllerAdvice;
@@ -35,6 +36,7 @@ import static com.stylefeng.guns.core.support.HttpKit.getRequest;
 * @date 2016年11月12日 下午3:19:56
 */
 @ControllerAdvice
+@Order(-1)
 public class GlobalExceptionHandler {
    private Logger log = LoggerFactory.getLogger(this.getClass());

--- a/guns-admin/src/main/java/com/stylefeng/guns/core/aop/PermissionAop.java
+++ b/guns-admin/src/main/java/com/stylefeng/guns/core/aop/PermissionAop.java
@@ -22,6 +22,7 @@ import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import javax.naming.NoPermissionException;
@@ -32,6 +33,7 @@ import java.lang.reflect.Method;
 */
 @Aspect
 @Component
+@Order(200)
 public class PermissionAop {
    @Pointcut(value = "@annotation(com.stylefeng.guns.common.annotion.Permission)")

--- a/guns-admin/src/main/java/com/stylefeng/guns/core/intercept/GunsUserFilter.java
+++ b/guns-admin/src/main/java/com/stylefeng/guns/core/intercept/GunsUserFilter.java
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.stylefeng.guns.core.intercept;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.web.filter.AccessControlFilter;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+/**
+ * Filter that allows access to resources if the accessor is a known user, which is defined as
+ * having a known principal.  This means that any user who is authenticated or remembered via a
+ * 'remember me' feature will be allowed access from this filter.
+ * <p/>
+ * If the accessor is not a known user, then they will be redirected to the {@link #setLoginUrl(String) loginUrl}</p>
+ *
+ * @since 0.9
+ */
+public class GunsUserFilter extends AccessControlFilter {
+    /**
+     * Returns <code>true</code> if the request is a
+     * {@link #isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) loginRequest} or
+     * if the current {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse) subject}
+     * is not <code>null</code>, <code>false</code> otherwise.
+     *
+     * @return <code>true</code> if the request is a
+     * {@link #isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) loginRequest} or
+     * if the current {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse) subject}
+     * is not <code>null</code>, <code>false</code> otherwise.
+     */
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
+        if (isLoginRequest(request, response)) {
+            return true;
+        } else {
+            Subject subject = getSubject(request, response);
+            // If principal is not null, then the user is known and should be allowed access.
+            return subject.getPrincipal() != null;
+        }
+    }
+    /**
+     * This default implementation simply calls
+     * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) saveRequestAndRedirectToLogin}
+     * and then immediately returns <code>false</code>, thereby preventing the chain from continuing so the redirect may
+     * execute.
+     */
+    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
+        /**
+         * 让请求继续执行,直到走到SessionTimeoutInterceptor
+         */
+        //saveRequestAndRedirectToLogin(request, response);
+        return true;
+    }
+}
--- a/guns-admin/src/main/java/com/stylefeng/guns/core/intercept/SessionTimeoutInterceptor.java
+++ b/guns-admin/src/main/java/com/stylefeng/guns/core/intercept/SessionTimeoutInterceptor.java
@@ -8,6 +8,7 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 /**
@@ -18,6 +19,7 @@ import org.springframework.stereotype.Component;
 */
 @Aspect
 @Component
+@Order(100)
 public class SessionTimeoutInterceptor extends BaseController {
    @Pointcut("execution(* com.stylefeng.guns.*..controller.*.*(..))")