0

Application is developed using Spring MVC, JSP Servlets version 2.4 and uses Siteminder's SSO for authentication.

Problem: After session time out, the file download functionality is not working.

Expected behaviour: If user hit download button after session time elapsed, then the app should redirect to SSO login page and ask user credentials and once authenticated, then show the download dialog box.

Actual behaviour: If user hit download button after session time elapsed, then the app goes to a standstill, and i'll have to edit the url to reload the app(from its home page or the page from which download should happen). Simple reload of the page doesn't open the Download dialog box.

Controller:

 @RequestMapping(value ="/DownloadReport.spr", method = RequestMethod.GET)   

public String populateList( 
        HttpServletRequest request,
        ModelMap model)
{       
httpSession = request.getSession();

//get data to be populated into List is added to httpSession object.

return "viewName" ;
}


@SuppressWarnings("unchecked")
@RequestMapping(value="/ReportDownload.spr", method = {RequestMethod.GET } )
public void downlodReport(      
    HttpServletResponse response,   
    HttpServletRequest request,     
    @ModelAttribute (value="DataList") ArrayList<ClassObj> dataList,
    ModelMap model 
)
{
    FileTO fileTO = new FileTO ();
    httpSession = request.getSession();

    dataList = (ArrayList<ClassObj>) httpSession.getAttribute("ReportList")     ;



    if( dataList!= null ){


    if(dataList.isEmpty())
    {

        //show no data msg.
    }
    else{

     try
     {


        if( dataList.size() > 0 )
        {

            //call method to handle downloading data from java objects

            fileTO.excelFormat(request.getSession(), request, response,      dataList);
            model.addAttribute("dataList", dataList);
        }        

     }catch(Exception e) {

    //handle exception

    }
    } // end of else
    }
    else{

        System.out.println(" dataList is null , since session expired");
        // after session expires control reaches here

    }

}
kkk
  • 166
  • 2
  • 18

1 Answers1

0

No request will reach your protected application once the SiteMinder session expires. All requests, including AJAX, will result in a 302 redirect by SiteMinder agent running in front of your application.

There are 2 types of typical problems occurring here:

  • classic web applications will properly redirect to SiteMinder SSO login page, however might have problems with a state for deep-links after the login. SiteMinder redirects to the same page which was originally requested.
  • AJAX applications are surprised by an unexpected content which results from a redirect. There is no direct way to detect a redirect for AJAX.
Community
  • 1
  • 1
Vilmantas Baranauskas
  • 6,596
  • 3
  • 38
  • 50
  • Actually, tha page which contains the download functionality has the data to be downloaded displayed in table format. So after writing the data into the page in table format it's sotred in session. Download request handler is taking the data from session object so when the session is expired, I've no data to write and hence application doesn't do anything when the download link is clicked. Is there a workaround for this situation? – kkk Mar 05 '15 at 06:40
  • Is it about expiration of the SiteMinder session or servlet session? In the second case, your problem is not really related to SiteMinder. You could increase the time out (e.g. to be that of SiteMinder Session + 1 minute) but you still need to handle such situation somehow, e.g. by redirecting user to the start page. – Vilmantas Baranauskas Mar 05 '15 at 07:39