配置缓存文件,用来存储SessionId,将UserId作为key。(此处未贴代码)

创建sessionTimeOut.jsp文件(此处未贴代码)


-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

配置Struts.xml文件(Class属性不用配置,仅用于跳转)

<!-- No class attribute: this action runs no logic and only forwards to the JSP below.
     The JSP lives under /WEB-INF, so the container will not serve it directly;
     it is reachable only through this action. -->
<action name="sessionTimeOut">
    <result name="success">/WEB-INF/page/sessionTimeOut.jsp</result>
</action>


-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

Action文件(登录时保存SessionId)

/**
 * Stores the logged-in student in the HTTP session and records the session id in the
 * "com.sessoinId" cache under the student's number.
 *
 * @return SUCCESS
 */
public String login() {
    HttpSession httpSession = ServletActionContext.getRequest().getSession();

    // Captcha value kept in the session under RANDOMVALIDATECODEKEY.
    // NOTE(review): nothing in the lines shown compares this value with the submitted
    // code or checks credentials; presumably that part was left out of the listing.
    // Confirm both happen before the user is stored in the session.
    String expectedCaptcha = (String) httpSession.getAttribute("RANDOMVALIDATECODEKEY");

    // The session holds a reference to this same Student object: if another method of this
    // action (e.g. an add-user method) later changes `student`, the session copy changes too.
    httpSession.setAttribute("user", student);

    // NOTE(review): the id the session had before login is kept and becomes the user's only
    // accepted session. Consider issuing a fresh id at this point (Servlet 3.1+ provides
    // HttpServletRequest.changeSessionId()) so a pre-login id is not carried over.
    String currentSessionId = httpSession.getId();

    // Cache name and key must match what the session-uniqueness filter reads back.
    EhcacheUtil.getInstance().put("com.sessoinId", student.getStuNo(), currentSessionId);
    return SUCCESS;
}

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

创建用户登录校验过滤器LoginFilter

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import com.shenzhen.management.pojo.Student;

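/**
 * Servlet filter that lets a request through only when the session holds a logged-in user.
 *
 * <p>The context root, {@code /login}, {@code /sessionTimeOut}, paths ending in
 * {@code imageServlet.servlet} and {@code .js} files pass unchecked. Every other request is
 * redirected to {@code /sessionTimeOut} unless the session has a {@code "user"} attribute.
 */
public class LoginFilter implements Filter {

    private FilterConfig filterConfig;

    // Read from the "noFilterURI" init parameter but not consulted by doFilter;
    // the allow-list is hard-coded in isPublicPath.
    private String noFilterURI;
    Logger logger = Logger.getLogger(LoginFilter.class);

    public LoginFilter() {
        filterConfig = null;
        noFilterURI = null;
    }

    /** Keeps the filter configuration and reads the {@code noFilterURI} init parameter. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        noFilterURI = filterConfig.getInitParameter("noFilterURI");
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        filterConfig = null;
    }

    /**
     * Passes allow-listed paths straight through and redirects all other requests to
     * {@code /sessionTimeOut} when no user is stored in the session.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse} for the redirect
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        logger.debug(request.getRequestURL().toString());

        if (isPublicPath(pathWithinContext(request))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // getSession(false): an anonymous request to a protected URL must not allocate a session.
        HttpSession session = request.getSession(false);
        Student user = (session == null) ? null : (Student) session.getAttribute("user");
        if (user == null) {
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            // Context-relative target; the container turns it into an absolute Location.
            response.sendRedirect(request.getContextPath() + "/sessionTimeOut");
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the request URI with the context path removed.
     *
     * <p>The allow-list is matched against this path instead of a rebuilt
     * scheme://host:port URL. getRequestURL() may omit a default port (80/443), in which
     * case a rebuilt URL that always carries the port never matches and the login page
     * itself is redirected.
     */
    private static String pathWithinContext(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();
        // If the URI does not start with the context path, keep it whole: it will not
        // match any allow-list entry and is therefore treated as protected.
        return uri.startsWith(contextPath) ? uri.substring(contextPath.length()) : uri;
    }

    /** Tells whether the path may be served without a logged-in user. */
    private static boolean isPublicPath(String path) {
        if (path.equals("/") || path.equals("/login") || path.equals("/sessionTimeOut")) {
            return true;
        }
        // The request URI still carries path parameters (";name=value"), which the container
        // removes before choosing the target. A path containing one is never exempted by
        // suffix, so the suffix test always sees the resource that will really be served.
        if (path.indexOf(';') >= 0) {
            return false;
        }
        return path.endsWith("imageServlet.servlet") || path.endsWith(".js");
    }
}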

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

创建Session唯一性过滤器OnlySession 

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import com.shenzhen.management.pojo.Student;
import com.shenzhen.management.util.ehcache.EhcacheUtil;


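/**
 * Servlet filter that enforces one active session per user.
 *
 * <p>For every request outside the allow-list, the current session id is compared with the
 * id stored in the {@code "com.sessoinId"} cache under the user's student number. A request
 * with no logged-in user, or with a session id other than the cached one, is redirected to
 * {@code /sessionTimeOut}.
 */
public class OnlySession implements Filter {
    private FilterConfig filterConfig;
    Logger logger = Logger.getLogger(OnlySession.class);

    public OnlySession() {
        filterConfig = null;
    }

    /** Keeps the filter configuration. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        filterConfig = null;
    }

    /**
     * Checks for session timeout and session uniqueness.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse} for the redirect
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      if the redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        // Login and the other allow-listed paths are not intercepted.
        if (isPublicPath(pathWithinContext(request))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String timeoutTarget = request.getContextPath() + "/sessionTimeOut";

        // getSession(false): an anonymous request must not allocate a session.
        // Fully qualified because this file does not import HttpSession.
        javax.servlet.http.HttpSession session = request.getSession(false);
        Student user = (session == null) ? null : (Student) session.getAttribute("user");

        // Session timed out, or nobody is logged in.
        if (user == null) {
            response.sendRedirect(timeoutTarget);
            return;
        }

        // The cache name must stay identical to the one the login action writes to.
        String onlySessionId = (String) EhcacheUtil.getInstance().get("com.sessoinId", user.getStuNo());
        if (session.getId().equals(onlySessionId)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            // A missing cache entry also lands here (equals(null) is false), so the check
            // fails closed.
            // NOTE(review): the displaced session keeps its "user" attribute until it times
            // out; consider invalidating it here so it ends as soon as it is superseded.
            response.sendRedirect(timeoutTarget);
        }
    }

    /**
     * Returns the request URI with the context path removed.
     *
     * <p>The allow-list is matched against this path instead of a rebuilt
     * scheme://host:port URL. getRequestURL() may omit a default port (80/443), in which
     * case a rebuilt URL that always carries the port never matches and the login page
     * itself is redirected.
     */
    private static String pathWithinContext(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String contextPath = request.getContextPath();
        // If the URI does not start with the context path, keep it whole: it will not
        // match any allow-list entry and is therefore treated as protected.
        return uri.startsWith(contextPath) ? uri.substring(contextPath.length()) : uri;
    }

    /** Tells whether the path may be served without the session-uniqueness check. */
    private static boolean isPublicPath(String path) {
        if (path.equals("/") || path.equals("/login") || path.equals("/sessionTimeOut")) {
            return true;
        }
        // The request URI still carries path parameters (";name=value"), which the container
        // removes before choosing the target. A path containing one is never exempted by
        // suffix, so the suffix test always sees the resource that will really be served.
        if (path.indexOf(';') >= 0) {
            return false;
        }
        return path.endsWith("imageServlet.servlet") || path.endsWith(".js");
    }
}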

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

 配置web.xml文件(以下Filter配置在Struts2的org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter前面)

  <!-- Filters matched by url-pattern run in the order of their filter-mapping elements:
       LoginFilter first, then OnlySession. Both are mapped to /*, so they also see
       requests for static resources; only the paths and suffixes exempted inside the
       filters themselves pass without a logged-in user. -->
  <filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.shenzhen.management.util.session.LoginFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>OnlySession</filter-name>
    <filter-class>com.shenzhen.management.util.session.OnlySession</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>OnlySession</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- session-timeout is given in minutes, so sessions expire after one idle minute.
       NOTE(review): this looks like a value chosen to test the timeout page; confirm
       the intended value before deploying. -->
  <session-config>
    <session-timeout>1</session-timeout>
  </session-config>

-----------------------------------------------------------默默无闻的分割线-----------------------------------------------------------

草稿,希望大家多指教,留言 ,帮助小弟完善。