0

I am using JSF 2.2 in Tomcat 8 with form based authentication. After successful login, the home page is correctly displayed sometimes. However, some other times, even after successful login, the login page is displayed. After re-entering the username and password for 2-3 times, the home page is displayed.

The XHTML page looks like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:p="http://primefaces.org/ui" xmlns:b="http://bootsfaces.net/ui">

<h:head>
</h:head>
<h:body>
<h:form id="loginForm">
    <b:container layout="fluid" style="margin-top:100px;">
        <b:row>
            <b:column medium-screen="3">
            </b:column>
            <b:column medium-screen="6">
                <b:panelGrid colSpans="12,0" id="stateGridId">
                    <b:panel title="#{msg['login_panel_key']}" look="primary">
                        <b:row>
                            <b:column medium-screen="12">
                                <b:message for="username" />
                                <b:message for="password" />
                                <b:message for="loginButton" />
                                <br />
                            </b:column>
                        </b:row>
                        <b:row>
                            <b:column offset="2" medium-screen="8">
                                <b:inputText placeholder="#{msg['username_label_key']}" required="true"
                                    id="username" value="#{login.user}" requiredMessage="#{msg['user_req_message']}">
                                    <f:facet name="prepend">
                                        <b:icon name="user" />
                                    </f:facet>
                                </b:inputText>
                            </b:column>
                        </b:row>
                        <b:row>
                            <b:column offset="2" medium-screen="8">
                                <b:inputSecret placeholder="#{msg['password_label_key']}" required="true"
                                    id="password" value="#{login.pwd}" requiredMessage="#{msg['password_req_message']}">
                                    <f:facet name="prepend">
                                        <b:iconAwesome name="key" />
                                    </f:facet>
                                </b:inputSecret>
                            </b:column>
                        </b:row>
                        <b:row>
                            <b:column offset="2" span="4">
                                <b:commandButton id="loginButton" value="#{msg['login_button_key']}" action="#{login.login}"
                                    look="primary" style="width:100%" />
                            </b:column>
                        </b:row>
                    </b:panel>
                </b:panelGrid>
            </b:column>
            <b:column medium-screen="3">
            </b:column>
        </b:row>
    </b:container>
</h:form>
</h:body>
</html>

The managed bean looks like this:

package com.saptarshibasu.poc.login;

import javax.faces.application.FacesMessage;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.ManagedProperty;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

import com.saptarshibasu.poc.Utils;

@ManagedBean
public class Login {
protected String user;
protected String pwd;

@ManagedProperty(value="#{utils}")
private Utils utils;

public Utils getUtils() {
    return utils;
}

public void setUtils(Utils utils) {
    this.utils = utils;
}

public String getUser() {
    return user;
}

public void setUser(String user) {
    this.user = user;
}

public String getPwd() {
    return pwd;
}

public void setPwd(String pwd) {
    this.pwd = pwd;
}

public String login() {
    HttpServletRequest origRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
            .getRequest();
    try {
        if(origRequest.getUserPrincipal()==null)
        {
            origRequest.login(user, pwd);
        }
        return "/pages/home.xhtml?faces-redirect=true";
    } catch (ServletException e) {
        FacesContext context = FacesContext.getCurrentInstance();
        FacesMessage fMessage = new FacesMessage(context.getApplication().getResourceBundle(context, "msg").getObject("login_err_message").toString());
        fMessage.setSeverity(FacesMessage.SEVERITY_ERROR);
        context.addMessage(utils.findComponent("username").getClientId(), fMessage);
        return null;
    }

}
}
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Saptarshi Basu
  • 8,640
  • 4
  • 39
  • 58
  • Is this helpful? http://stackoverflow.com/q/14101380 – BalusC Feb 07 '16 at 09:50
  • @BalusC, I tried using Omnifaces with the CacheControlFilter as you suggested in the other post. However, it didn't solve the problem. It doesn't look like a cache problem, as I can see in the Tomcat console that the login method is being called each time I hit the login button. – Saptarshi Basu Feb 07 '16 at 11:00
  • 1
    Then verify if HTTP session is properly maintained. If for some reason the session is destroyed or recreated, then the user will be logged out. – BalusC Feb 07 '16 at 11:33
  • @BalusC, Thanks! I think this is indeed due to session recreation. I can see this by storing a session attribute in login method and checking the value in subsequent requests. However, this problem doesn't happen all the time and also this seems to happen only with Chrome and not with FF. Please let me know if there is any solution to this. – Saptarshi Basu Feb 07 '16 at 13:27
  • Also, Chrome sends two HTTP POST requests. FF sends only one. – Saptarshi Basu Feb 07 '16 at 13:33
  • Does this also happen when you test in an incognito window in Chrome? (i.e. with clean session/cache/cookie) – BalusC Feb 07 '16 at 15:28
  • @BalusC, The problem is occurring in incognito mode as well - sometimes, not always. For firefox, everything is fine. – Saptarshi Basu Feb 09 '16 at 11:50

1 Answers1

0

This was a bug in Bootsfaces commandButton. Now it is fixed. The details are available here.

Saptarshi Basu
  • 8,640
  • 4
  • 39
  • 58