如下创建了一个新的过滤器,该过滤器将覆盖默认的Tomcat JSESSIONID行为
public class HttpscookieFilter implements Filter {private static final Logger LOGGER = Logger.getInstance(HttpscookieFilter.class);@Overridepublic void destroy() {}@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { final HttpServletRequest httpRequest = (HttpServletRequest) request; final HttpServletResponse httpResponse = (HttpServletResponse) response; final HttpSession session = httpRequest.getSession(false); if (session != null) { final cookie sessioncookie = new cookie("JSESSIONID", session.getId()); sessioncookie.setMaxAge(readcookieTimeoutfromProperties()); sessioncookie.setSecure(false); sessioncookie.setPath(httpRequest.getContextPath()); httpResponse.addcookie(sessioncookie); LOGGER.log(Level.DEBUG, "Session not null and setting Sessioncookie --> " + sessioncookie.getValue() + "; Sessioncookie Age --> " + sessioncookie.getMaxAge()); } chain.doFilter(request, response);}@Overridepublic void init(FilterConfig arg0) throws ServletException {}private int readcookieTimeoutfromProperties() { ResourceBundleMessageSource bean = new ResourceBundleMessageSource(); bean.setbasename("application-messages"); String tmeout = bean.getMessage("security.cookie.timeout", null, Locale.getDefault()); return Integer.parseInt(tmeout);}}并在web.xml中的springSecurityFilterChain之前调用此过滤器<
