JSF redirect after session timeout always goes to login page -
the thing have set of error pages, , configured application use them, after session timeout occurs, goes login page, , after user logs in, error page appears (which supposed appear before login page).
here authentication setup :
<security-constraint> <display-name>securityconstraints</display-name> <web-resource-collection> <web-resource-name>mycollection</web-resource-name> <description/> <url-pattern>/faces/web/*</url-pattern> </web-resource-collection> <auth-constraint> <description /> <role-name>*</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>none</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>form</auth-method> <realm-name>applicationrealm</realm-name> <form-login-config> <form-login-page>/login.xhtml</form-login-page> <form-error-page>/loginfailed.xhtml</form-error-page> </form-login-config> </login-config> <security-role> <description>all users</description> <role-name>*</role-name> </security-role> which supposed include pages under /faces/web/, , seems work, since can visit errorpages without being logged in.
this file tree:
webcontent | errorpages/ web/ login.xhtml loginfailed.xhtml i'm using jsf 2.2.8 wildfly 8 server
the error occurs after asynchronus call handled exceptionhandler:
package com.comanage.web.exceptions; import javax.faces.facesexception; import javax.faces.application.viewexpiredexception; import javax.faces.context.exceptionhandler; import javax.faces.context.exceptionhandlerwrapper; import javax.faces.context.facescontext; import javax.faces.event.exceptionqueuedevent; import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpservletresponse; import java.io.ioexception; import java.io.printwriter; import java.util.iterator; /** * custom exception handler give special treatment given exception */ public class viewexpiredexceptionhandler extends exceptionhandlerwrapper { private exceptionhandler wrapped; public viewexpiredexceptionhandler(exceptionhandler wrapped) { this.wrapped = wrapped; } @override public void handle() throws facesexception { facescontext facescontext = facescontext.getcurrentinstance(); (iterator<exceptionqueuedevent> iter = getunhandledexceptionqueuedevents().iterator(); iter.hasnext();) { throwable exception = iter.next().getcontext().getexception(); if (exception instanceof viewexpiredexception) { httpservletrequest request = (httpservletrequest) facescontext.getexternalcontext().getrequest(); httpservletresponse response = (httpservletresponse) facescontext.getexternalcontext().getresponse(); if(isajaxrequest(request)) { string redirect = "/errorpages/expired.xhtml"; system.out.println("an ajax request has been detected after view has expired: redirecting \""+redirect+"\""); string redirecturl = response.encoderedirecturl(request.getcontextpath() + redirect); stringbuilder sb = new stringbuilder(); sb.append("<partial-response><redirect url=\"").append(redirecturl).append("\"></redirect></partial-response>"); response.setheader("cache-control", "no-cache"); response.setcharacterencoding("utf-8"); printwriter pw = null; try { pw = response.getwriter(); } catch (ioexception e) { e.printstacktrace(); } pw.println(sb.tostring()); pw.flush(); } else{ facescontext.getapplication().getnavigationhandler().handlenavigation(facescontext, null, "expiredview"); facescontext.renderresponse(); } iter.remove(); } } getwrapped().handle(); } @override public exceptionhandler getwrapped() { return wrapped; } /** * returns true request ajax request * @param request httpservletrequest request * @return true if request ajax request */ private boolean isajaxrequest(httpservletrequest request) { boolean check = false; string facesrequest = request.getheader("faces-request"); if (facesrequest != null && facesrequest.equals("partial/ajax")) { check = true; } return check; } }
Comments
Post a Comment