处理含有登录地址第二次没退出登录就404的问题

处理含有登录地址第二次没退出登录就404的问题

public class MyAuthenticationFilter extends FormAuthenticationFilter{

AdviceFilter

 /**
  * Runs one request through this filter: {@code preHandle}, then the rest of the chain when
  * {@code preHandle} allows it, then {@code postHandle}.
  *
  * <p>An exception thrown by any of these steps is not rethrown here; it is captured and passed
  * to {@code cleanup}, which always runs.
  *
  * @param request the incoming request
  * @param response the outgoing response
  * @param chain the remaining filter chain
  */
 public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
     Exception failure = null;
     try {
         boolean continueChain = this.preHandle(request, response);
         if (log.isTraceEnabled()) {
             log.trace("Invoked preHandle method.  Continuing chain?: [" + continueChain + "]");
         }

         // Author's note: a repeated request for the login URL must not get past this point
         // (preHandle returns false for it), which is what avoids the 404. Skipping the chain
         // does not log the user out; it only controls where the request ends up.
         if (continueChain) {
             this.executeChain(request, response, chain);
         }

         this.postHandle(request, response);
         if (log.isTraceEnabled()) {
             log.trace("Successfully invoked postHandle method");
         }
     } catch (Exception caught) {
         // Remember the failure so cleanup can deal with it.
         failure = caught;
     } finally {
         this.cleanup(request, response, failure);
     }
 }

自己的默认或抽象,别人复写时使用

AccessControlFilter

/**
 * Decides whether the request may continue down the filter chain.
 *
 * <p>{@code isAccessAllowed} is asked first; {@code onAccessDenied} is consulted only when it
 * says no, and its result then becomes the answer.
 *
 * @param request the incoming request
 * @param response the outgoing response
 * @param mappedValue the filter configuration mapped to the matched path
 * @return {@code true} if the chain should continue
 * @throws Exception if either check fails unexpectedly
 */
public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
    if (this.isAccessAllowed(request, response, mappedValue)) {
        return true;
    }
    // Not allowed outright: let the denial handler decide (it may perform a login, for example).
    return this.onAccessDenied(request, response, mappedValue);
}

AuthenticatingFilter

登录地址本身不放行,只放行登录地址之外、有权限的地址

/**
 * Framework default: allows the request when the parent check allows it, or when the request is
 * not a login request and the mapped configuration is permissive.
 *
 * @param request the incoming request
 * @param response the outgoing response
 * @param mappedValue the filter configuration mapped to the matched path
 * @return {@code true} if the request may proceed without going through {@code onAccessDenied}
 */
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (super.isAccessAllowed(request, response, mappedValue)) {
        return true;
    }
    // A login request is never waved through by the permissive setting.
    if (this.isLoginRequest(request, response)) {
        return false;
    }
    return this.isPermissive(mappedValue);
}

    为了处理第二次登录(没有退出)时出现 404 的问题,这里再做一次过滤(只要请求的是登录地址,就不允许继续向内部访问)

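/**
 * Allows an already authenticated subject through, except on the login-check path, so that a
 * second login attempt without a prior logout is handled by {@code onAccessDenied} instead of
 * continuing down the chain (which the article reports as ending in a 404).
 *
 * <p>Unauthenticated requests fall back to the rule "not a login request and permissive".
 *
 * @param request the incoming request; cast to {@code HttpServletRequest} when the subject is
 *     authenticated
 * @param response the outgoing response
 * @param mappedValue the filter configuration mapped to the matched path
 * @return {@code true} if the request may continue down the chain
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    Subject subject = this.getSubject(request, response);
    // true while an earlier login has not been logged out
    boolean authenticated = subject.isAuthenticated();

    // NOTE(review): contains() matches the marker anywhere in the servlet path, and it is a
    // second, hard-coded definition of "the login endpoint" next to whatever isLoginRequest
    // checks. If the configured login URL ever differs from this literal, the two checks
    // disagree - confirm they are kept in sync.
    if (authenticated
            && !((HttpServletRequest) request).getServletPath().contains("j_acegi_security_check")) {
        return true;
    }
    return !this.isLoginRequest(request, response) && this.isPermissive(mappedValue);
}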

/**
 * Builds an authentication token from the request and attempts to log the subject in with it.
 *
 * @param request the incoming request
 * @param response the outgoing response
 * @return the result of {@code onLoginSuccess} when the login succeeds, otherwise the result of
 *     {@code onLoginFailure}
 * @throws IllegalStateException if {@code createToken} returns {@code null}
 * @throws Exception if token creation or one of the callbacks fails
 */
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    AuthenticationToken token = this.createToken(request, response);
    if (token == null) {
        // Without a token there is nothing to authenticate; treat it as a programming error.
        throw new IllegalStateException("createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.");
    }

    try {
        Subject subject = this.getSubject(request, response);
        subject.login(token);
        return this.onLoginSuccess(token, subject, request, response);
    } catch (AuthenticationException loginFailure) {
        // Only authentication failures are turned into a failure callback.
        return this.onLoginFailure(token, loginFailure, request, response);
    }
}

//处理直接get请求登录的问题(浏览器直接输入登录地址请求)

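/**
 * Handles a request that {@code isAccessAllowed} rejected.
 *
 * <p>AJAX or JSON clients receive a 403 carrying a {@code loginStatus: accessDenied} header
 * instead of a redirect. A plain GET (for example the login URL typed straight into the
 * browser) is redirected to {@code "/"}. Everything else is delegated to the parent filter.
 *
 * <p>{@code X-Requested-With} and {@code Content-Type} are supplied by the client. Here they
 * only select the 403 branch, which always returns {@code false}; they must not be used to
 * decide whether access is granted.
 *
 * @param servletRequest the incoming request, expected to be an {@code HttpServletRequest}
 * @param servletResponse the outgoing response, expected to be an {@code HttpServletResponse}
 * @return {@code false} when this method has already produced the response (403 or redirect),
 *     otherwise whatever the parent implementation returns
 * @throws Exception if writing the response or the parent handler fails
 */
@Override
protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    // getHeader() matches header names case-insensitively, so a single lookup is enough. The
    // earlier ternary discarded the header whenever it was present, so the AJAX branch could
    // never be taken.
    String requestType = request.getHeader("X-Requested-With");
    String contentType = request.getHeader("content-type");

    boolean ajaxRequest = "XMLHttpRequest".equalsIgnoreCase(requestType);

    // Compare only the media type so that "application/json;charset=UTF-8" and other parameter
    // spellings are recognised as well as the two exact strings matched before.
    boolean jsonRequest = false;
    if (contentType != null) {
        int paramStart = contentType.indexOf(';');
        String mediaType = (paramStart >= 0 ? contentType.substring(0, paramStart) : contentType).trim();
        jsonRequest = "application/json".equalsIgnoreCase(mediaType);
    }

    if (ajaxRequest || jsonRequest) {
        response.addHeader("loginStatus", "accessDenied");
        // Set before sendError(): the response counts as committed afterwards and later
        // changes are ignored. The container may still substitute its own content type when
        // it renders the error page.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    // A direct GET cannot be a form submission; send the browser to the application root
    // rather than letting the login handling run.
    if ("GET".equalsIgnoreCase(request.getMethod())) {
        WebUtils.issueRedirect(request, response, "/");
        return false;
    }

    return super.onAccessDenied(request, response);
}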

}

 注意

MyAuthenticationFilter 中 onLoginSuccess 里的 session.stop(); 需要注释掉,否则用框架的登录走完 onLoginSuccess 之后又清了 session,会报错。(如果原先调用 session.stop() 是为了在登录后更换会话、防止会话固定,注释掉之后需要确认登录成功后仍会以其他方式更换会话 ID。)


转载自yuhuiblog6338999322098842.iteye.com/blog/2407258