Problem with container security & session timeout

cdollar393 Aug 16, 2007 3:22 PM

I'm having issues getting ajax4jsf working well with container-based authentication and session timeouts. I've done as suggested in the dev guide and have overridden A4J.AJAX.onExpired and this works fine to catch the expired session, but only when I don't use container managed authentication. As soon as I enable the security constraint if the session times out and a request happens then the container realizes that the session is invalid and redirects the user to the login page defined in my web.xml. That makes a4j complain about no a4j headers (which is correct since the container redirected to the login page) so a blank page gets rendered.

Is there any way to handle session timeouts when security constraints are involved? If it makes any difference, I'm running jboss-4.2.1.GA using a DatabaseServerLoginModule for authentication.

Thanks!
Chris

1. Re: Problem with container security & session timeout

cdollar393 Aug 18, 2007 5:51 PM (in response to cdollar393)

I've solved the issue by using the WebAuthentication class mentioned here http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication inside a custom servlet. So I let the ejb method security take over the security aspect and don't have the web container manage any protected pages. When a session expires the overridden onExpired event gets called and I can redirect the user to a login page.

Chris
Actions
2. No error handling at security timeout with WebSphere 6.0

andreas.baumann Sep 5, 2008 9:10 AM (in response to cdollar393)

We are using Richfaces 3.1.5.GA on a WebSphere 6.0 Server. J2EE Security is activate.

If the security token times out, WebSphere redirects to the login page (this means WebSphere sends a 302 to login page as response to a http post).

If this is caused by an AJAX request, richfaces does not do anything to handle this error. We expected richfaces to call the A4J.AJAX.onError or A4J.AJAX.onExpired functions, but nothing happens.

Is there a possibility to handle these errors in richfaces?
Actions

Go to original post