0

I am a bit desperate about the following problem. In JSF/PrimeFaces (Wildfly 10) we are using both AJAX and non-AJAX calls. If a session expires and someone interacts with the system (clicks), it should be redirected to login.xhtml and ask a user for a new login. Problem is that it works just for non-AJAX controls. If I click on an AJAX control, I get to login page, but if I fill login/password, I get the following error:

<partial-response id="j_id1">
   <changes>
      <update id="j_id1:javax.faces.ViewState:0">
         <![CDATA[ 982009515771098472:-6468147585577406798 ]]>
      </update>
   </changes>
</partial-response>

I have read numerous materials and implemented the following classes:

JsfAjaxPhaseListener.java

public class JsfAjaxPhaseListener implements PhaseListener {

    public void beforePhase(PhaseEvent event) {
    }

    public PhaseId getPhaseId() {
        return PhaseId.RESTORE_VIEW;
    }

    @Override
    public void afterPhase(PhaseEvent event) {
        FacesContext context = FacesContext.getCurrentInstance();

        HttpServletRequest httpRequest = (HttpServletRequest) context.getExternalContext().getRequest();
        if (httpRequest.getRequestedSessionId() != null && !httpRequest.isRequestedSessionIdValid()) {
            String facesRequestHeader = httpRequest.getHeader("Faces-Request");
            boolean isAjaxRequest = facesRequestHeader != null && facesRequestHeader.equals("partial/ajax");

            if (isAjaxRequest) {
                try {
                    context.getExternalContext().redirect("/admin/login.xhtml");
                } catch (IOException ex) {
                    Logger.getLogger(JsfAjaxPhaseListener.class.getName()).log(Level.SEVERE, null, ex);
                }
            }
        }
    }
}

SessionExceptionHandler.java

public class SessionExceptionHandler extends ExceptionHandlerWrapper {

    private static final Logger LOGGER = LoggerFactory.getLogger(SessionExceptionHandler.class);

    private ExceptionHandler wrapped;

    SessionExceptionHandler(ExceptionHandler exception) {
        this.wrapped = exception;
    }

    @Override
    public ExceptionHandler getWrapped() {
        return wrapped;
    }

    @Override
    public void handle() throws FacesException {
        final Iterator<ExceptionQueuedEvent> i = getUnhandledExceptionQueuedEvents().iterator();
        while (i.hasNext()) {
            ExceptionQueuedEvent event = i.next();
            ExceptionQueuedEventContext context
                    = (ExceptionQueuedEventContext) event.getSource();

            Throwable t = context.getException();

            if (t instanceof ViewExpiredException) {
                ViewExpiredException vee =(ViewExpiredException) t;
                FacesContext fc =FacesContext.getCurrentInstance();
                Map<String, Object> requestMap = fc.getExternalContext().getRequestMap();
                NavigationHandler nav =
                        fc.getApplication().getNavigationHandler();
                try {
                    ((ConfigurableNavigationHandler)nav).performNavigation("admin/login.xhtml?faces-redirect=true");
                    fc.renderResponse();

                } finally {
                    i.remove();
                }
            }
        }
        getWrapped().handle();
    }
}

SessionExceptionHandlerFactory.java

public class SessionExceptionHandlerFactory extends ExceptionHandlerFactory {

    private ExceptionHandlerFactory parent;

    public SessionExceptionHandlerFactory(ExceptionHandlerFactory parent) {
        this.parent = parent;
    }

    @Override
    public ExceptionHandler getExceptionHandler() {
        ExceptionHandler handler = new SessionExceptionHandler(parent.getExceptionHandler());
        return handler;
    }

}

web.xml looks like:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>facelets.SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
    </context-param>  
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            10
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>admin/index.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>securityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>resources</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
        <auth-constraint>
            <role-name>Administrator</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>incomakerSecurityDomain</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/errorLogin.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>Administrator</role-name>
    </security-role>
    <error-page>
        <error-code>500</error-code>
        <location>/errorCatchall.xhtml</location>
    </error-page> 
</web-app>

We have tried various redirects, various modifications of the calls, spent two full days on it, but nothing helps. If I reload the login page manually, everything works. If I try to reload it programmatically, it always fails with a partial response.

Thank you for your help.

TomS
  • 1,159
  • 2
  • 17
  • 35
  • Is this helpful? http://stackoverflow.com/q/35841356 – BalusC Aug 05 '16 at 05:53
  • Thank you @BalusC. Unfortunately, it doesn't seem to work. First, we are using PrimeFaces, not OmniFaces. I tried to add invalidateSession() before context.getExternalContext().redirect(), however without any success. What seems to help is to use ConfigurableNavigationHandler.performNavigation() instead of context.getExternalContext().redirect, but I have no idea why and consider it a workaround not a solution. :-( – TomS Aug 05 '16 at 10:24
  • 1
    OmniFaces is not a component library like PrimeFaces. It's an utility library which can be used on any JSF based application. – BalusC Aug 05 '16 at 10:25
  • Ok, thanks, will check. – TomS Aug 05 '16 at 10:29

1 Answers1

0

Thanks to BalusC, the problem was finally solved by adding OmniFaces into the project. Then we just removed JsfAjaxPhaseListener and SessionExceptionHandler* classes as they are no longer needed. Now works like a charm.

TomS
  • 1,159
  • 2
  • 17
  • 35