Geek Answers Handbook

ViewExpiredException after identity.logout (); at jboss seam

After I redirected AuthenticationFilter to the login page, I would like to log out.

That is why I put identity.logout(); into my pre-rendering method checkPermission(...) login.xhtml .

But, I get a ViewExpiredException when the user logs in again.

My problem

1: If I do not do identity.logout(); , the user is rewritten due to an old user session. 2: If I do identity.logout(); , I get a ViewExpiredException again when the user re-logs in.

AuthenticationFilter.java

 public class AuthenticationFilter implements Filter { ..... public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; HttpSession session = httpRequest.getSession(); User user = (User) session.getAttribute(Constants.LOGIN_USER); if (user == null) { session.setAttribute(Constants.MESSAGE_ID, MessageId.REQUIRED_TO_LOGIN); String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE; httpResponse.sendRedirect(loginView); } else if (!user.getRole().equals(Role.SYSTEM_ADMINISTRATOR)) { System.out.println("User Role : " + user.getRole()); session.setAttribute(Constants.MESSAGE_ID, MessageId.REQUIRED_TO_ADMIN_ROLE); String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE; httpResponse.sendRedirect(loginView); } else { filterChain.doFilter(servletRequest, servletResponse); } servletContext.log("Exiting the filter"); } public void destroy() { } }

login.xhtml

 .... <f:event listener="#{LoginBean.checkPermission}" type="preRenderView" /> ....

LoginBean.java

 @Scope(ScopeType.EVENT) @Name("LoginBean") public class LoginBean extends BaseBean { .... public boolean authenticate() { .... } public void checkPermission(ComponentSystemEvent event) { FacesContext context = getFacesContext(); ExternalContext extContext = context.getExternalContext(); String messageId = (String) extContext.getSessionMap().remove(Constants.MESSAGE_ID); if(messageId != null) { identity.logout(); addMessage(null, FacesMessage.SEVERITY_ERROR, messageId); } } }
+7
source share
1 answer

Do not use identity.logout(); in prerenderview . In the AuthenticationFilter do as shown below before passing the messageID if you want to destroy the current session and create a new session.

 if(...) { session.invalidate(); session = httpRequest.getSession(true); .... } else if(...){ session.invalidate(); session = httpRequest.getSession(true); .... }
+5
source

More articles:


All Articles