给struts配置登陆验证过滤器，判断Session过期则重新登陆

做的毕设题目，需要用到验证登陆状态，没有登陆的不能访问后台的页面，自动跳转到登陆页面。

参考了 http://blog.csdn.net/fly_fish456/article/details/8096305 这位兄台的博客之后，自己写了个过滤器：

1.首先是在登陆的Action中设置一个session来标志是否已经登陆：

HttpSession session = ServletActionContext.getRequest().getSession();
session.setAttribute("account", account);

2.在项目新建一个LoginFilter类作为过滤器：

package dorm.sys.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

public class LoginFilter extends HttpServlet implements Filter {

public void destroy() {
}

public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
FilterChain filterChain) throws IOException, ServletException {

HttpServletRequest request = (HttpServletRequest) sRequest;
HttpServletResponse response = (HttpServletResponse) sResponse;
HttpSession session = request.getSession();
String url = request.getServletPath();
String contextPath = request.getContextPath();

if (url.equals("")) {
url += "/";
}
// 未登录时，若访问后台资源,将过滤到login页面
if ((url.startsWith("/") && !url.startsWith("/login"))) {
String user = (String) session.getAttribute("account");
if (user == null) {
response.sendRedirect(contextPath + "/login.html");
return;
} else {
// 登陆之后，验证session是否过期，session过期，转至登陆页面
if (!ServletActionContext.getRequest()
.isRequestedSessionIdValid()) {
response.sendRedirect(contextPath + "/login.html");
return;
}
}
}
filterChain.doFilter(sRequest, sResponse);
}

public void init(FilterConfig arg0) throws ServletException {

}
}

3.web.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Dorm_mgm_sys</display-name>
<welcome-file-list>
<welcome-file>login.html</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>dorm.sys.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/jsp/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>

其中：

<session-config>

  <session-timeout>30</session-timeout>

  </session-config>

设置Session 30分钟过期，也就是30分钟没有操作将要跳转到登陆页面重新登陆

这样就可以了,除了login页面外全部都会被过滤器检测。

注：

浏览器关闭后session将被销毁，用户需重新登陆。

退出操作则将session中的username值设置为null即可。