2 Replies Latest reply on Feb 4, 2011 6:32 AM by infinity2heaven

    NPE in RestoreViewPhase after a logout.login pattern

    infinity2heaven Novice

      In relation to the same code in my earlier post, I get a NPE in JSF's restoreView phase once I try to login after a logout.


      Here's the code for logout




      public void logout() {
              HttpSession session = (HttpSession) facesContext.getExternalContext().getSession( true );
              session.invalidate();           
              FacesUtils.addMessage( "Logging out - " );
              currentUser = null;
      }



      And the error after redirect from faces-config,



      <navigation-case>
              <from-action>#{authenticator.logout}</from-action>
              <to-view-id>/pages/auth/login.xhtml</to-view-id>
              <redirect />
      </navigation-case>




      Servlet threw exception: java.lang.NullPointerException
              at com.sun.faces.lifecycle.RestoreViewPhase.notifyAfter(RestoreViewPhase.java:288) [:2.0.3-]
              at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:110) [:2.0.3-]
              at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
              at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:6.0.0.Final]
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
              at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67) [:6.0.0.Final]
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
              at xxx.web.filter.Log4jSessionFilter.doFilter(Log4jSessionFilter.java:43) [classe:]
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
              at xxx.web.filter.SecurityFilter.doFilter(SecurityFilter.java:88) [classe:]
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
              at org.apache.catalina.core.StandardWrapperValve.__invoke(StandardWrapperValve.java:275) [:6.0.0.Final]
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java) [:6.0.0.Final]
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [:6.0.0.Final]
              at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181) [:6.0.0.Final]
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]
              




      IS this CDI related, or is it an isolated JSF question? (I'm aware of RestoreView NPE in general but not in this use case)

        • 1. Re: NPE in RestoreViewPhase after a logout.login pattern
          Sebastian Sachtleben Novice

          Seems like it depends on your webfilter.


          My logout works fine:


          @Stateful @Named @SessionScoped
          public class CustomIdentity {
          
               Logger log = LoggerFactory.getLogger(CustomIdentity.class);
               
               @PersistenceContext EntityManager em;
               
               @Inject FacesContext facesContext;
               @Inject CustomCredentials credentials;
               @Inject Event<UserAuthenticatedEvent> event;
               
               private User user;
               
               ///////// METHODS /////////
               
               @Produces @Authenticated public User getAuthenticatedUser() {
                    return user;
               }
               
               public void loginSuccessful(@Observes UserAuthenticatedEvent event) {
                    user = (User) event.getUser();
                    log.info("User " + user.getUsername() + " logged in");
               }     
          
               public boolean login() {
                    log.info("Login with username = " + credentials.getUsername() + " , password = " + credentials.getPassword());
                    try {
                         User user = (User) em.createQuery("from " + User.class.getName() + " where username = ?0")
                                   .setParameter(0, credentials.getUsername()).getSingleResult();
                         if (!user.getPassword().equalsIgnoreCase(credentials.getPassword())) {
                              log.info("Password doesnt match");
                              // TODO: Add facesmessage for login failed
                              return false;
                         }
                         log.info("Login successfully!!!");
                         event.fire(new UserAuthenticatedEvent(user));
                         return true;
                    } catch(NoResultException e) {
                         log.info("User unkowned");
                         // TODO: Add facesmessage for login failed
                    }
                    return false;
               }
          
               public boolean logout() {
                          HttpSession session = (HttpSession) facesContext.getExternalContext().getSession(true);
                          session.invalidate();   
                    user = null;
                    return true;
               }
               
               public boolean getLoggedIn() {
                    return user != null;
               }
          
          }




             <navigation-rule>
                <from-view-id>*</from-view-id>
          
                <navigation-case>
                   <from-action>#{customIdentity.logout}</from-action>
                   <if>#{true}</if>
                   <to-view-id>/home.xhtml</to-view-id>
                   <redirect/>
                </navigation-case>
          
             </navigation-rule>



          <li><h:link value="MEIN ACCOUNT" outcome="/pages/login/login.xhtml" rendered="#{!customIdentity.loggedIn}" style="white-space: nowrap;" /></li>
          <li><h:link value="MEIN ACCOUNT" outcome="/pages/user/account-watchlist.xhtml" rendered="#{customIdentity.loggedIn}" style="white-space: nowrap;" /></li>
          <li><h:commandLink value="AUSLOGGEN" action="#{customIdentity.logout}" rendered="#{customIdentity.loggedIn}" style="white-space: nowrap;" /></li>



          Well its not good but it works fine untill seam security is final or next to that state :)

          • 2. Re: NPE in RestoreViewPhase after a logout.login pattern
            infinity2heaven Novice

            My Authenticator works fine as well. It's just JSF that keeps throwing NPEs after a logout/login process because there's no View after a logout (session invalidated) and it still thinks there is.