Java Code Examples for org.apache.shiro.session.ExpiredSessionException

The following examples show how to use org.apache.shiro.session.ExpiredSessionException. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@GetMapping("login")
@ResponseBody
public Object login(HttpServletRequest request) {
    if (FebsUtil.isAjaxRequest(request)) {
        throw new ExpiredSessionException();
    } else {
        ModelAndView mav = new ModelAndView();
        mav.setViewName(FebsUtil.view("login"));
        return mav;
    }
}
 
Example 2
Source Project: SpringAll   Source File: GlobalExceptionHandler.java    License: MIT License 4 votes vote down vote up
@ExceptionHandler(value = ExpiredSessionException.class )
public String handleExpiredSessionException() {
	return "login";
}
 
Example 3
Source Project: belling-admin   Source File: ExceptionResolver.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
		Exception exception) {
	Object result = null;
	String url = request.getRequestURI();//请求URL
	ModelAndView mv = new ModelAndView();
	boolean isJson = ServletUtil.isJSONResponse(request);//是否需要返回json格式数据
	if(exception instanceof org.apache.shiro.authz.UnauthorizedException){
		//没有访问权限
		System.out.println("***没有访问权限:" + url + "  ***" + exception.getMessage());
		mv.addObject("message", "抱歉,您没有当前的操作权限!");//没有操作权限
		LoggerUtils.fmtError(ExceptionResolver.class, exception, exception.getMessage());
	} else if (exception instanceof BaseException) {
		BaseException ae = (BaseException) exception;
		result = ResponseResult.create(ae.getCode()).setMessage(ae.getMessage());
	} else if (exception instanceof ExpiredSessionException) {
		// 捕获因Session会话失效被shiro过滤器拦截异常处理响应数据格式不对,导致tabels js报错问题
		result = TablePageResult.createSuccessResult(new ArrayList<UserOnlineDTO>(), 0, 1);
	} else {
		mv.addObject("message", exception.getMessage());//没有操作权限
		result = ResponseResult.create(ResponseCode.ERROR).setMessage("未知错误");
		LoggerUtils.fmtError(ExceptionResolver.class, exception, exception.getMessage());
	}
	//最后返回错误提示信息
	if(isJson){
		response.setContentType("application/json;charset=UTF-8");
		response.setStatus(HttpStatus.OK.value());
		try {
			PrintWriter writer = response.getWriter();
			writer.write(JSON.toJSONString(result));
			writer.flush();
			writer.close();
		} catch (IOException e) {
			LoggerUtils.fmtError(ExceptionResolver.class, e, "Failed to serialize the object to json for exception resolver!");
		}
	} else{
		//不需要返回json格式,直接返回错误提示页面
		mv.setViewName("exception");
	}
	return mv;
}
 
Example 4
Source Project: bamboobsc   Source File: UserLoginInterceptor.java    License: Apache License 2.0 4 votes vote down vote up
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
	ActionContext actionContext=actionInvocation.getInvocationContext();  
	Map<String, Object> session=actionContext.getSession();  
	this.accountObj = (AccountObj)session.get(Constants.SESS_ACCOUNT);
	boolean getUserCurrentCookieFail = false; // 有 sysCurrentId 的 cookie, 但用這個cookie資料count tb_sys_usess 又與 core-web 的資料不符
	/*
	 * String contextPath = ServletActionContext.getServletContext().getContextPath();
	 * if (!contextPath.endsWith( ApplicationSiteUtils.getContextPathFromMap(Constants.getMainSystem()) ) ) {
	 */
	if ( !Constants.getSystem().equals(Constants.getMainSystem()) ) {
		/**
		 * 1. 先用admin登入
		 * 2. 登出admin 改用 tester登入
		 * 這樣的話 gsbsc-web 的 http-session 還是admin , 所以非core-web 要檢查當前CURRENT cookie 中的帳戶是否與 gsbsc-web 一樣
		 * 要是不同的話就讓這個 http-session 失效掉
		 */
		this.invalidCurrentSessionForDifferentAccount(actionContext);								
		if (accountObj==null) {
			getUserCurrentCookie(actionContext);
			if (accountObj==null && UserCurrentCookie.foundCurrent( (HttpServletRequest)actionContext.get(StrutsStatics.HTTP_REQUEST) ) ) {
				 // 有 sysCurrentId 的 cookie, 但用這個cookie資料count tb_sys_usess 又與 core-web 的資料不符
				getUserCurrentCookieFail = true;
			}				
		}			
	}
	if (accountObj!=null && !StringUtils.isBlank(accountObj.getAccount()) ) {
		Map<String, String> dataMap = UserCurrentCookie.getCurrentData( (HttpServletRequest)actionContext.get(StrutsStatics.HTTP_REQUEST) );
		String currentId = StringUtils.defaultString( dataMap.get("currentId") );
		if ( StringUtils.isBlank(currentId) ) {
			currentId = "NULL";
		}
		if (uSessLogHelper.countByCurrent(accountObj.getAccount(), currentId)<1) {
			return this.redirectLogin(session, getUserCurrentCookieFail);
		}						
		boolean isUnknownSession = false;
		SecurityUtils.setSecurityManager( (DefaultSecurityManager)AppContext.getBean("securityManager") );
		Subject subject = SecurityUtils.getSubject();
		try {
			if (subject.isAuthenticated() && !accountObj.getAccount().equals(subject.getPrincipal()) ) {
				subject.logout();
			}				
		} catch (ExpiredSessionException ese) {
			logger.warn( ese.getMessage().toString() );
			return this.redirectLogin(session, getUserCurrentCookieFail);
		} catch (UnknownSessionException ue) {
			logger.warn( ue.getMessage().toString() );
			isUnknownSession = true;
		}
		
		/**
		 * core-web 有 session了, 但gsbsc-web 沒有session, 所以產生gsbsc-web 的 http session
		 * 或是 apache shiro session 失效 expires
		 */			
		if ( !subject.isAuthenticated() || isUnknownSession ) {
			GreenStepBaseUsernamePasswordToken token = new GreenStepBaseUsernamePasswordToken();
			//token.setRememberMe(true);
			token.setRememberMe(false);
			token.setCaptcha("");
			token.setUsername(accountObj.getAccount());		
			token.setPassword( ((AccountVO)accountObj).getPassword().toCharArray() );
			try {					
				subject.login(token);
			} catch (UnknownAccountException uae) {
				logger.warn( uae.getMessage().toString() );
			    subject = new Subject.Builder().buildSubject();	
			    subject.login(token);
			} catch (UnknownSessionException use) {
				logger.warn( use.getMessage().toString() );
			    subject = new Subject.Builder().buildSubject();					
				/*
				Serializable sessionId = subject.getSession().getId();
				System.out.println("SESSION_ID=" + sessionId);
				subject = new Subject.Builder( (DefaultSecurityManager)AppContext.getBean("securityManager") )
					.sessionId(sessionId)
					.buildSubject();
				*/
			    subject.login(token);		
			} 
			UserAccountHttpSessionSupport.create(actionContext, accountObj);
		}
		return actionInvocation.invoke();
	}	
	return this.redirectLogin(session, getUserCurrentCookieFail);
}