java Servlet Filter 拦截Ajax请求，统一处理session超时的问题

后台增加filter，注意不要把druid也屏蔽了

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import cn.zsmy.constant.Constant;
import cn.zsmy.entity.User;

/** 
 * session超时过滤 
 *  
 * @date 2016-10-20
 */  
public class SessionFilter implements Filter {  
      
    @Override  
    public void init(FilterConfig filterConfig) throws ServletException {  
  
    }  
  
    @Override  
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,  
            ServletException {  
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;  
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;  
       
        //只过滤了ajax请求时session超时
         if (httpServletRequest.getHeader("x-requested-with") != null  
                 && httpServletRequest.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")) {  
                 Subject subject = SecurityUtils.getSubject();
                User user = (User) subject.getPrincipal();
                if(user == null){
                    Constant.MY_LOG.debug("filter：sessionstatus timeout！");
                    //如果是ajax请求响应头会有，x-requested-with  
                    httpServletResponse.setHeader("sessionstatus", "timeout");//在响应头设置session状态  
                    return;  
                }
         } 
     
        chain.doFilter(request, response);  
    }  
  
    @Override  
    public void destroy() {  
  
    }  
  
} 

web.xml加入过滤器配置，注意不要把druid也屏蔽了，url-pattern可以指定过滤的东西

<!--session超时过滤处理 -->
    <filter>
        <filter-name>sessionFilter</filter-name>
        <filter-class>cn.zsmy.palmdoctor.filter.SessionFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>sessionFilter</filter-name>
        <!-- <url-pattern>/*</url-pattern> -->
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

在公共的js文件中加入以下全局控制ajax的配置

<c:set var="appPath" value="<%=request.getContextPath()%>"/>

<script type="text/javascript">
$(function(){
    $.ajaxSetup ({
        cache: false, //关闭AJAX缓存
        async:false, //同步请求
        contentType:"application/x-www-form-urlencoded;charset=utf-8",  
        complete:function(XMLHttpRequest,textStatus){  
            //通过XMLHttpRequest取得响应头，sessionstatus，  
            var sessionstatus=XMLHttpRequest.getResponseHeader("sessionstatus");   
            if(sessionstatus=="timeout"){  
                alert("由于您长时间未操作,登录已失效,请重新登录");
                parent.location.href = "${appPath}/login.do";
            }  
        }  
    });
}); 
</script>