7 Replies Latest reply on Oct 31, 2008 10:09 PM by hermida.leandro.hermida.gmail.com

    Strange session timeout error when login in and out using Seam 2.1

    hermida.leandro.hermida.gmail.com

      Hello,


      Using Seam 2.1 Identity Management with a JpaIdentityStore and no authenticator I get the following error if I log in, log out and then log in again:


      11:26:42,987 INFO  [Contexts] starting up: org.jboss.seam.web.session
      11:26:42,988 INFO  [Contexts] starting up: org.jboss.seam.security.ruleBasedPermissionResolver
      11:26:42,989 INFO  [Contexts] starting up: org.jboss.seam.security.identity
      11:26:46,585 ERROR [lifecycle] JSF1054: (Phase ID: RESTORE_VIEW 1, View ID: ) Exception thrown during phase execution: javax.faces.event.PhaseEvent[source=com.sun.faces.lifecycle.LifecycleImpl@24ee50b4]
      11:26:46,586 WARN  [ExceptionFilter] handling uncaught exception
      javax.servlet.ServletException: viewId:/main.seam - View /main.seam could not be restored.
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:270)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
           at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:44)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:150)
           at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:267)
           at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:379)
           at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:506)
           at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
           at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.faces.application.ViewExpiredException: viewId:/main.seam - View /main.seam could not be restored.
           at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:186)
           at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
           at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:104)
           at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
           ... 41 more
      11:26:46,588 WARN  [ExceptionFilter] exception root cause
      javax.faces.application.ViewExpiredException: viewId:/main.seam - View /main.seam could not be restored.
           at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:186)
           at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
           at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:104)
           at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
           at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:44)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:150)
           at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:267)
           at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:379)
           at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:506)
           at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
           at java.lang.Thread.run(Thread.java:595)
      11:26:46,588 WARN  [ExceptionFilter] running exception handlers
      11:26:46,609 WARN  [arjLoggerI18N] [com.arjuna.ats.arjuna.coordinator.TwoPhaseCoordinator_4] TwoPhaseCoordinator.afterCompletion - returned failure for com.arjuna.ats.internal.jta.resources.arjunacore.SynchronizationImple@22f44db3
      11:26:46,609 WARN  [arjLoggerI18N] [com.arjuna.ats.arjuna.coordinator.TwoPhaseCoordinator_4] TwoPhaseCoordinator.afterCompletion - returned failure for com.arjuna.ats.internal.jta.resources.arjunacore.SynchronizationImple@551934b2



      And the page refreshes with the following FaceMessage:


      Your session has timed out, please try again

        • 1. Re: Strange session timeout error when login in and out using Seam 2.1
          shane.bryzak

          That does seem strange.. I do this all the time with the seamspace example.  Could you post your code?

          • 2. Re: Strange session timeout error when login in and out using Seam 2.1
            hermida.leandro.hermida.gmail.com

            Yes sure,


            components.xml:


            <security:identity-manager identity-store="#{jpaIdentityStore}"/>
                
            <security:jpa-identity-store user-class="org.sysfusion.core.entity.User"
                                         role-class="org.sysfusion.core.entity.SecurityRole"/>




            login form:


            <h:form id="loginForm">
                <h:outputLabel for="loginUsername" value="Username:"/>
                <h:inputText id="loginUsername" value="#{credentials.username}"/>
                
                <h:outputLabel for="loginPassword" value="Password:"/>
                <h:inputSecret id="loginPassword" value="#{credentials.password}"/>
                
                <h:commandButton action="#{identity.login}" value="Login">
                </h:commandButton>
            </h:form>



            logout form:


            <h:form id="logoutForm">
                 <h:commandButton action="#{identity.logout}" value="Logout"/>
            </h:form>



            pages.xml:


            <?xml version="1.0" encoding="UTF-8"?>
            <pages xmlns="http://jboss.com/products/seam/pages"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"
                   login-view-id="/main.xhtml">
                
                <page view-id="/userHome*" login-required="true">
                    
                </page>
                
                <page view-id="/userProfile*" login-required="true">
                    
                </page>
                
                <page view-id="/userRegister*">
                    <navigation from-action="#{registerAction.register}">
                        <rule if="#{registerAction.registered}">
                            <redirect view-id="/main.xhtml">
                                <message>You have been registered</message>
                            </redirect>
                        </rule>
                    </navigation>
                </page>
                
                <exception class="org.jboss.seam.framework.EntityNotFoundException">
                    <redirect view-id="/main.xhtml">
                        <message severity="warn">Record not found</message>
                    </redirect>
                </exception>
                
                <exception class="javax.persistence.EntityNotFoundException">
                    <redirect view-id="/main.xhtml">
                        <message severity="warn">Record not found</message>
                    </redirect>
                </exception>
                
                <exception class="javax.persistence.EntityExistsException">
                    <redirect view-id="/main.xhtml">
                        <message severity="warn">Duplicate record</message>
                    </redirect>
                </exception>
                
                <exception class="javax.persistence.OptimisticLockException">
                    <end-conversation/>
                    <redirect view-id="/main.xhtml">
                        <message severity="warn">Another user changed the same data, please try again</message>
                    </redirect>
                </exception>
                
                <exception class="org.jboss.seam.security.AuthorizationException">
                    <redirect view-id="/main.xhtml">
                        <message severity="error">You don't have permission to access this resource</message>
                    </redirect>
                </exception>
                
                <exception class="org.jboss.seam.security.NotLoggedInException">
                    <redirect view-id="/main.xhtml">
                        <message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
                    </redirect>
                </exception>
                
                <exception class="javax.faces.application.ViewExpiredException">
                    <redirect view-id="/main.xhtml">
                        <message severity="warn">Your session has timed out, please try again</message>
                    </redirect>
                </exception>
                
                <exception class="org.jboss.seam.ConcurrentRequestTimeoutException" logLevel="trace">
                    <http-error error-code="503" />
                </exception>
                 
                <exception>
                    <redirect view-id="/main.xhtml">
                        <message severity="error">Unexpected error, please try again</message>
                    </redirect>
                </exception>
                
            </pages>



            org.sysfusion.core.entity.User:


            package org.sysfusion.core.entity;
            
            /**
             * POJO EJB class for User containing entity implementation.
             * 
             */
            @javax.persistence.Entity
            @javax.persistence.Table(name = "SYSFUSION_USER")
            @javax.persistence.NamedQueries( {
                      @javax.persistence.NamedQuery(name = "User.findAll", query = "select user from User AS user"),
                      @javax.persistence.NamedQuery(name = "User.findByUsername", query = "from User as user where user.username = :username"),
                      @javax.persistence.NamedQuery(name = "User.findByUsernameAndPasswordHash", query = "from User as user where user.username = :username and user.passwordHash = :passwordHash") })
            public class User extends net.sf.fuge.common.audit.Person implements
                      java.io.Serializable {
            
                 ... skipping to relevant code ...
            
                 // -------- Attribute Accessors ----------
            
                 /**
                  * Get the username property.
                  * 
                  * @return String The value of username
                  */
                 @javax.persistence.Column(name = "USERNAME", unique = true, nullable = false, insertable = true, updatable = true)
                 @org.hibernate.validator.NotNull
                 @org.jboss.seam.annotations.security.management.UserPrincipal
                 public String getUsername() {
                      return username;
                 }
            
                 ...
            
                 /**
                  * Get the passwordHash property.
                  * 
                  * @return String The value of passwordHash
                  */
                 @javax.persistence.Column(name = "PASSWORD_HASH", nullable = false, insertable = true, updatable = true)
                 @org.hibernate.validator.NotNull
                 @org.jboss.seam.annotations.security.management.UserPassword(hash = "sha")
                 public String getPasswordHash() {
                      return passwordHash;
                 }
            
                 ...
                    
                    /**
                  * Get the enabled property.
                  * 
                  * @return boolean The value of enabled
                  */
                 @javax.persistence.Column(name = "ENABLED", nullable = false, insertable = true, updatable = true)
                 @org.hibernate.validator.NotNull
                 @org.jboss.seam.annotations.security.management.UserEnabled
                 public boolean isEnabled() {
                      return enabled;
                 }
            
                 ...
            
                 // ------------- Relations ------------------
            
                 /**
                  * Get the securityRoles Collection
                  * 
                  * @return java.util.Set<org.sysfusion.core.entity.SecurityRole>
                  */
                 @javax.persistence.ManyToMany()
                 @javax.persistence.JoinTable(name = "SYSFUSION_USER2SECURITY_ROLE", joinColumns = { @javax.persistence.JoinColumn(name = "USER_ID", referencedColumnName = "ID") }, inverseJoinColumns = { @javax.persistence.JoinColumn(name = "SECURITY_ROLE_ID", referencedColumnName = "ID") })
                 @org.jboss.seam.annotations.security.management.UserRoles
                 public java.util.Set<org.sysfusion.core.entity.SecurityRole> getSecurityRoles() {
                      return this.securityRoles;
                 }
            
                 ...
            
            }



            Parent class net.sf.fuge.common.audit.Person has @UserFirstName, @UserLastName.


            Leandro

            • 3. Re: Strange session timeout error when login in and out using Seam 2.1
              hermida.leandro.hermida.gmail.com

              Hi again,


              Just a thought, is it because in my application when a user logs in I don't redirect them anywhere else? In the seamspace app you redirect them to their profile.xhtml when they log in.


              leandro

              • 4. Re: Strange session timeout error when login in and out using Seam 2.1
                shane.bryzak

                That shouldn't matter, however could you try it with the following entry in pages.xml?



                    <page view-id="*">
                        <navigation from-action="#{identity.logout}">
                            <redirect view-id="/main.xhtml"/>
                        </navigation>
                    </page>



                Also, you can simply use an s:button for the logout and then you won't need to wrap it in a form.

                • 5. Re: Strange session timeout error when login in and out using Seam 2.1
                  hermida.leandro.hermida.gmail.com

                  Hi Shane,


                  I actually does make a difference - I added the above entry into pages.xml and now if I login-logout-login again I do not get the error!


                  So I guess the next question is, how is pages.xml login-view-id behaving differently than the above entered navigation rule?


                  leandro

                  • 6. Re: Strange session timeout error when login in and out using Seam 2.1
                    shane.bryzak

                    They are two very different things.  The login-view-id is the view that the user will be redirected to if they attempt to access a restricted page when they haven't logged in.  The navigation rule simply redirects the user to /main.xhtml whenever they log out.  I actually tried to reproduce your issue in Seam trunk, however it behaved as expected and didn't throw a ViewExpiredException.  So I think there's something particular to your project which is causing the behaviour that you're seeing.  Are you able to easily reproduce the issue in a newly generated seam-gen project?

                    • 7. Re: Strange session timeout error when login in and out using Seam 2.1
                      hermida.leandro.hermida.gmail.com

                      Hi Shane,


                      I have recently created a new Seam Web Project in Eclipse with Seam 2.1.0.GA as my runtime home and this problem has disappeared.


                      Leandro