org.apache.shiro.session.ExpiredSessionException Java Examples

@GetMapping("login")
@ResponseBody
public Object login(HttpServletRequest request) {
    if (FebsUtil.isAjaxRequest(request)) {
        throw new ExpiredSessionException();
    } else {
        ModelAndView mav = new ModelAndView();
        mav.setViewName(FebsUtil.view("login"));
        return mav;
    }
}
 

@ExceptionHandler(value = ExpiredSessionException.class )
public String handleExpiredSessionException() {
	return "login";
}
 

@Override
public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
		Exception exception) {
	Object result = null;
	String url = request.getRequestURI();//请求URL
	ModelAndView mv = new ModelAndView();
	boolean isJson = ServletUtil.isJSONResponse(request);//是否需要返回json格式数据
	if(exception instanceof org.apache.shiro.authz.UnauthorizedException){
		//没有访问权限
		System.out.println("***没有访问权限:" + url + "  ***" + exception.getMessage());
		mv.addObject("message", "抱歉，您没有当前的操作权限！");//没有操作权限
		LoggerUtils.fmtError(ExceptionResolver.class, exception, exception.getMessage());
	} else if (exception instanceof BaseException) {
		BaseException ae = (BaseException) exception;
		result = ResponseResult.create(ae.getCode()).setMessage(ae.getMessage());
	} else if (exception instanceof ExpiredSessionException) {
		// 捕获因Session会话失效被shiro过滤器拦截异常处理响应数据格式不对，导致tabels js报错问题
		result = TablePageResult.createSuccessResult(new ArrayList<UserOnlineDTO>(), 0, 1);
	} else {
		mv.addObject("message", exception.getMessage());//没有操作权限
		result = ResponseResult.create(ResponseCode.ERROR).setMessage("未知错误");
		LoggerUtils.fmtError(ExceptionResolver.class, exception, exception.getMessage());
	}
	//最后返回错误提示信息
	if(isJson){
		response.setContentType("application/json;charset=UTF-8");
		response.setStatus(HttpStatus.OK.value());
		try {
			PrintWriter writer = response.getWriter();
			writer.write(JSON.toJSONString(result));
			writer.flush();
			writer.close();
		} catch (IOException e) {
			LoggerUtils.fmtError(ExceptionResolver.class, e, "Failed to serialize the object to json for exception resolver!");
		}
	} else{
		//不需要返回json格式，直接返回错误提示页面
		mv.setViewName("exception");
	}
	return mv;
}
 

@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
	ActionContext actionContext=actionInvocation.getInvocationContext();  
	Map<String, Object> session=actionContext.getSession();  
	this.accountObj = (AccountObj)session.get(Constants.SESS_ACCOUNT);
	boolean getUserCurrentCookieFail = false; // 有 sysCurrentId 的 cookie, 但用這個cookie資料count tb_sys_usess 又與 core-web 的資料不符
	/*
	 * String contextPath = ServletActionContext.getServletContext().getContextPath();
	 * if (!contextPath.endsWith( ApplicationSiteUtils.getContextPathFromMap(Constants.getMainSystem()) ) ) {
	 */
	if ( !Constants.getSystem().equals(Constants.getMainSystem()) ) {
		/**
		 * 1. 先用admin登入
		 * 2. 登出admin 改用 tester登入
		 * 這樣的話 gsbsc-web 的 http-session 還是admin , 所以非core-web 要檢查當前CURRENT cookie 中的帳戶是否與 gsbsc-web 一樣
		 * 要是不同的話就讓這個 http-session 失效掉
		 */
		this.invalidCurrentSessionForDifferentAccount(actionContext);								
		if (accountObj==null) {
			getUserCurrentCookie(actionContext);
			if (accountObj==null && UserCurrentCookie.foundCurrent( (HttpServletRequest)actionContext.get(StrutsStatics.HTTP_REQUEST) ) ) {
				 // 有 sysCurrentId 的 cookie, 但用這個cookie資料count tb_sys_usess 又與 core-web 的資料不符
				getUserCurrentCookieFail = true;
			}				
		}			
	}
	if (accountObj!=null && !StringUtils.isBlank(accountObj.getAccount()) ) {
		Map<String, String> dataMap = UserCurrentCookie.getCurrentData( (HttpServletRequest)actionContext.get(StrutsStatics.HTTP_REQUEST) );
		String currentId = StringUtils.defaultString( dataMap.get("currentId") );
		if ( StringUtils.isBlank(currentId) ) {
			currentId = "NULL";
		}
		if (uSessLogHelper.countByCurrent(accountObj.getAccount(), currentId)<1) {
			return this.redirectLogin(session, getUserCurrentCookieFail);
		}						
		boolean isUnknownSession = false;
		SecurityUtils.setSecurityManager( (DefaultSecurityManager)AppContext.getBean("securityManager") );
		Subject subject = SecurityUtils.getSubject();
		try {
			if (subject.isAuthenticated() && !accountObj.getAccount().equals(subject.getPrincipal()) ) {
				subject.logout();
			}				
		} catch (ExpiredSessionException ese) {
			logger.warn( ese.getMessage().toString() );
			return this.redirectLogin(session, getUserCurrentCookieFail);
		} catch (UnknownSessionException ue) {
			logger.warn( ue.getMessage().toString() );
			isUnknownSession = true;
		}
		
		/**
		 * core-web 有 session了, 但gsbsc-web 沒有session, 所以產生gsbsc-web 的 http session
		 * 或是 apache shiro session 失效 expires
		 */			
		if ( !subject.isAuthenticated() || isUnknownSession ) {
			GreenStepBaseUsernamePasswordToken token = new GreenStepBaseUsernamePasswordToken();
			//token.setRememberMe(true);
			token.setRememberMe(false);
			token.setCaptcha("");
			token.setUsername(accountObj.getAccount());		
			token.setPassword( ((AccountVO)accountObj).getPassword().toCharArray() );
			try {					
				subject.login(token);
			} catch (UnknownAccountException uae) {
				logger.warn( uae.getMessage().toString() );
			    subject = new Subject.Builder().buildSubject();	
			    subject.login(token);
			} catch (UnknownSessionException use) {
				logger.warn( use.getMessage().toString() );
			    subject = new Subject.Builder().buildSubject();					
				/*
				Serializable sessionId = subject.getSession().getId();
				System.out.println("SESSION_ID=" + sessionId);
				subject = new Subject.Builder( (DefaultSecurityManager)AppContext.getBean("securityManager") )
					.sessionId(sessionId)
					.buildSubject();
				*/
			    subject.login(token);		
			} 
			UserAccountHttpSessionSupport.create(actionContext, accountObj);
		}
		return actionInvocation.invoke();
	}	
	return this.redirectLogin(session, getUserCurrentCookieFail);
}