Richfaces and expired session redirect - JAAS
tmccobb Jul 14, 2010 6:30 PMContainer: JBoss 4.22, FORM based authentication against JAAS LDAP login context
JSF 1.2; Richfaces 3.3.2 SR1
MyFaces 1.2.6
Trying to configure a redirect to a login page when the session expires. Actually, the container handles this without doing anything. As soon as the session expires, the app redirects to the login page. The problem is that after reauthentication the request is looking for saved state from the expired session and throws
javax.faces.application.ViewExpiredException: /Summary.facesNo saved view state could be found for the view identifier:
It seems that this container mechanism trumps everything: PhaseListeners, Servlet Filters, and javascript,
specifically the A4J.AJAX.onExpired(...) call, which never gets fired. A simple solution that I found was
adding this to web.xml:
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/SessionError.jsp</location>
</error-page>
I have even tried this with the RedrectFilter suggested at http://wiki.apache.org/myfaces/Handling_Server_Errors
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/redirect?url=/SessionError.jsp</location>
</error-page>
In either case, the container is forcing re-authentication first, and THEN redirecting to .SessionError.jsp.
I was hoping that somehow the Richfaces org.ajax4jsf.handleViewExpiredOnClient would give me some options, but when
implemented, as I said, the javascript is never fired and after re-authentication, the app hangs on a blank screen.
In web.xml the Richfaces handler is implemented thus:
//Turned off Myfaces error handling per JIRA notes
<context-param>
<param-name>org.apache.myfaces.ERROR_HANDLING</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>org.ajax4jsf.handleViewExpiredOnClient</param-name>
<param-value>true</param-value>
</context-param>
I do have a HttpSessionListener implemented where I can unfailingly catch the expiring session event. Is there
something I can do with the session attributes org.ajax4jsf.application.AjaxStateHolder or
org.ajax4jsf.application.AjaxStateManager.view_sequence in the expiring session that will avoid the
javax.faces.application.ViewExpiredException?
I am using <a4j:poll interval="[5 sec after session timeout]" reRender="someComponent"/> to detect the expired session.