Spring MVC 处理会话已过期
问题描述:
我正在使用 Jboss EAP 6.2、Java EE 6 和 Spring MVC 4.0.2.当会话过期时,我想执行页面重定向.
I'm working with Jboss EAP 6.2, Java EE 6 and Spring MVC 4.0.2.
When the session expired I want to execute a page redirect.
我开发了一个 Spring Interceptor
I have developed a Spring Interceptor
@Component
public class SessionExpiredInterceptor extends HandlerInterceptorAdapter {
static final Logger logger = Logger.getLogger(SessionExpiredInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
final HttpSession session = request.getSession(false);
if ( session == null || session.isNew() ) {
ConfigurationProperties confProp = ConfigurationProperties.getInstance();
logger.info("Sessione scaduta, redirect home page");
request.getSession(true);
response.sendRedirect(request.getContextPath() + "/" +
confProp.getInstance().getProperty("session.expired.redirect"));
}
return true;
}
}
但我有以下异常:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.navigator': Scope 'session' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: JBWEB000043: Cannot create a session after the response has been committed
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:353)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
org.springframework.aop.target.SimpleBeanTargetSource.getTarget(SimpleBeanTargetSource.java:35)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.getTarget(CglibAopProxy.java:676)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:627)
it.lispa.sire.finanziamentionline.web.mvc.model.Navigator$$EnhancerBySpringCGLIB$$b6b810e.addNavigationMessages(<generated>)
it.lispa.sire.finanziamentionline.web.mvc.UserSessionInterceptor.preHandle(UserSessionInterceptor.java:91)
org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:130)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:876)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852)
javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
JBWEB000071: root cause
java.lang.IllegalStateException: JBWEB000043: Cannot create a session after the response has been committed
org.apache.catalina.connector.Request.doGetSession(Request.java:2627)
org.apache.catalina.connector.Request.getSession(Request.java:2361)
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:790)
org.springframework.web.context.request.ServletRequestAttributes.getSession(ServletRequestAttributes.java:79)
org.springframework.web.context.request.ServletRequestAttributes.getSessionMutex(ServletRequestAttributes.java:212)
org.springframework.web.context.request.SessionScope.get(SessionScope.java:91)
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:338)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
org.springframework.aop.target.SimpleBeanTargetSource.getTarget(SimpleBeanTargetSource.java:35)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.getTarget(CglibAopProxy.java:676)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:627)
it.lispa.sire.finanziamentionline.web.mvc.model.Navigator$$EnhancerBySpringCGLIB$$b6b810e.addNavigationMessages(<generated>)
it.lispa.sire.finanziamentionline.web.mvc.UserSessionInterceptor.preHandle(UserSessionInterceptor.java:91)
org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:130)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:876)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852)
javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
navigator bean 被注入到一些@Controller 和其他 Interceptor 中.
The navigator bean is injected in some @Controller and other Interceptor.
这是一个使用 Navigator bean 的拦截器:
This is a Interceptor that use Navigator bean:
@Component
public class UserSessionInterceptor extends HandlerInterceptorAdapter {
@Autowired
private Navigator navigator;
static final Logger logger = Logger.getLogger(UserSessionInterceptor.class.getName());
public static ConfigurationProperties getAuthenticationProps() throws IOException {
return ConfigurationProperties.getInstance();
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
...}
}
以下是spring.xml
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/static/**" />
<mvc:exclude-mapping path="/index.jsp" />
<mvc:exclude-mapping path="/logout" />
<mvc:exclude-mapping path="/ajax-logout" />
<bean class="it.lispa.sire.finanziamentionline.web.mvc.SessionExpiredInterceptor" />
</mvc:interceptor>
<mvc:interceptor>
<mvc:mapping path="/home"/>
<mvc:exclude-mapping path="/static/**" />
<mvc:exclude-mapping path="/logout" />
<mvc:exclude-mapping path="/ajax-logout" />
<bean class="it.lispa.sire.finanziamentionline.web.mvc.UserSessionInterceptor"/>
</mvc:interceptor>
你能帮我吗?谢谢.
答
这里发生的是 SessionExpiredInterceptor 在 UserSessionInterceptor 之前起作用.如果检测到会话是新的,则执行重定向
What happens here is that SessionExpiredInterceptor acts before UserSessionInterceptor. If it detects that the session is new, it performs a redirect
response.sendRedirect(request.getContextPath() + "/" +
confProp.getInstance().getProperty("session.expired.redirect"));
一旦您进行了重定向,您基本上就表示您已完成处理请求并已发送响应(301 状态代码).但是,在您的代码中,您从 preHandle 返回了 true,这向 DispatcherServlet 表明它应该继续处理请求,执行另一个拦截器并最终到达 @Controller.
Once you do a redirect, you've basically stated that you're finished processing the request and have sent a response (301 status code). But instead, in your code, you are returning true from preHandle which indicates to the DispatcherServlet that it should continue handling the request, execute the other interceptors and eventually reach the @Controller.
你不想要这个.在if块中,在sendRedirect之后返回false.
You don't want this. In the if block, return false after the sendRedirect.