Java JSF redirect on logout

Question

I have a ViewScoped JSF page. There exists an ace:dialog where the user is working in. If the user does not click for two hours, his session becomes automaticly destroyed by tomcat.

If the user send a request after that two hours, I redirect to the login page (because the user is logged out). Problem is that I become an error:

java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed

Is there a way to redirect every request to the login page if the user become logged out? What happened to my Backing Beans if the session got destroyed?

Thats the way of my redirect if the user is request a subsite and is not logged in:

@PostConstruct
public void initialize() {

    logger.debug("Start - " + new Throwable().getStackTrace()[0]);

    if (hasReadAccess()) {
        FacesContext.getCurrentInstance().getExternalContext().redirect(pPath);
        return;
    }

    logger.debug("End- " + new Throwable().getStackTrace()[0]);
}

That is the way of my code, if the user sends a ajax request, for example using a rowEditListener:

public void rowEditListener(RowEditEvent ev) {

logger.debug("Start - " + new Throwable().getStackTrace()[0]);

if (hasReadAccess()) {
    FacesContext.getCurrentInstance().getExternalContext().redirect(pPath);
    return;
}

// do something

logger.debug("End - " + new Throwable().getStackTrace()[0]);
}

Thanks!

Answer 1

you can use spring:
public void logout() {
        try {
            SecurityContextHolder.getContext().setAuthentication(null);
            FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
            FacesContext.getCurrentInstance().getExternalContext()
                    .redirect(FacesContext.getCurrentInstance().getExternalContext().getRequestContextPath() + "/j_spring_security_logout?faces-redirect=true");

        } catch (Exception e) {

        }
    }