不幸的是,没有任何标准/抽象的方法可以使用Servlet
API对其进行挂钩。您需要编写特定于应用服务器的逻辑,或者实现一个全局过滤器来检查
HttpServletRequest#getUserPrincipal()每次。例如:
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) { HttpServletRequest request = (HttpServletRequest) req; Principal user = request.getUserPrincipal(); HttpSession session = request.getSession(false); if (user != null && (session == null || session.getAttribute("user") == null)) { request.getSession().setAttribute("user", user); // First-time login. You can do your intercepting thing here. } chain.doFilter(req, res);}
