|
采用filter 监控 MessageBrokerServlet 把context 放入 ThreadLocal 中
然后你就可以从 java 程序的任何 方法中 利用 ThreadLocal 得到 当前的session
这个时候结合aop 我采用spring 的aop 在需要 session 验证的方法前 调用一个 Interceptor 来验证 session 过期或者其他权限等
具体代码:
web.xml 中
<filter>
<filter-name>AMFContextFilter</filter-name>
<filter-class>flex.context.AMFContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AMFContextFilter</filter-name>
<servlet-name>MessageBrokerServlet</servlet-name>
</filter-mapping>
AMFContextFilter文件
package flex.context;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class AMFContextFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws ServletException, IOException {
AMFContext.setCurrentContext((HttpServletRequest) request,
(HttpServletResponse) response);
chain.doFilter(request, response);
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
public void destroy() {
// TODO Auto-generated method stub
}
}
AMFContext文件
package flex.context;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class AMFContext {
/**
* ThreadLocal object for storing object in current thread.
*/
private static ThreadLocal tl = new ThreadLocal();
/**
* Set current context
*
* @param request
* The HttpRequest object
* @param response
* The HttpResponses object
*/
@SuppressWarnings(&quot;unchecked&quot;)
static public void setCurrentContext(HttpServletRequest request,
HttpServletResponse response) {
AMFContext c = getCurrentContext();
if (c == null) {
c = new AMFContext(request, response);
tl.set(c);
} else {
c.setRequest(request);
c.setResponse(response);
}
}
/**
* Get current context value
*
* @return The current context
*/
static public AMFContext getCurrentContext() {
return (AMFContext) tl.get();
}
// ----------------------------------------------------------
//
// Class members
//
// ----------------------------------------------------------
/**
* The http request object. The lifecycle of the request object is defined
* as the request scope. It may be reused in another incoming connection, so
* dont use it in another thread.
*/
private HttpServletRequest request;
/**
* The http response object. The lifecycle of the response object is defined
* as the request scope. Dont use it in another thread. Also dont write
* output to the response when it is used in the context, but you may get or
* set some response header when it is safe.
*/
private HttpServletResponse response;
/**
* The constructor is private, to get an instance of the AMFContext, please
* use getCurrentContext() method.
*
* @param request
* @param response
*/
private AMFContext(HttpServletRequest request, HttpServletResponse response) {
this.request = request;
this.response = response;
}
/**
* Get request object
*
* @return Http request object
*/
public HttpServletRequest getRequest() {
return request;
}
/**
* Set request object
*
* @param Http
* request object
*/
public void setRequest(HttpServletRequest request) {
this.request = request;
}
/**
* Get response object
*
* @return Http response object
*/
public HttpServletResponse getResponse() {
return response;
}
/**
* Set response object
*
* @param response
* Http response object
*/
public void setResponse(HttpServletResponse response) {
this.response = response;
}
/**
* Get the servlet context
*
* @return
*/
public ServletContext getServletContext() {
HttpSession session = this.getSession();
return session.getServletContext();
}
/**
* Get the current running session
*
* @return
*/
public HttpSession getSession() {
return request.getSession();
}
/**
* Get an object stored in the session.
*
* @param attr
* Attribute Name
* @return The value stored under the attribute name.
*/
public Object getSessionAttribute(String attr) {
HttpSession session = this.getSession();
return session.getAttribute(attr);
}
/**
* Store an object in the session.
*
* @param attr
* Attribute Name
* @param value
* The value.
*/
public void setSessionAttribute(String attr, Object value) {
HttpSession session = this.getSession();
session.setAttribute(attr, value);
}
/**
* Get an object stored in the servlet context.
*
* @param attr
* Attribute Name
* @return The value stored under the attribute name.
*/
public Object getContextAttribute(String attr) {
ServletContext sc = this.getServletContext();
return sc.getAttribute(attr);
}
/**
* Store an object in the servlet context.
*
* @param attr
* Attribute Name
* @param value
* The value.
*/
public void setContextAttribute(String attr, Object value) {
ServletContext sc = this.getServletContext();
sc.setAttribute(attr, value);
}
/**
* Get an object stored in the current request.
*
* @param attr
* Attribute Name
* @return The value stored under the attribute name.
*/
public Object getRequestAttribute(String attr) {
return request.getAttribute(attr);
}
/**
* Store an object in the current request.
*
* @param attr
* Attribute Name
* @param value
* The value.
*/
public void setRequestAttribute(String attr, Object value) {
request.setAttribute(attr, value);
}
}
MethodInterceptor 文件
package com.sunwayworld.flex;
import javax.servlet.http.HttpServletRequest;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import com.sunwayworld.common.utils.SessionUtils;
import flex.context.AMFContext;
public class FlexSessionInterceptor implements MethodInterceptor {
public Object invoke(MethodInvocation invocation) throws Throwable {
AMFContext context = AMFContext.getCurrentContext();
HttpServletRequest request = context.getRequest();
if (!SessionUtils.isLogin(request)) {
throw new RuntimeException(&quot;请您重新登陆!&quot;);
}
Object obj = invocation.proceed();
return obj;
}
}
然后 在spring 配置 成调用所有的java 方法前都执行这个 MethodInterceptor 即可
| 
转播
