Session timeout redirection in JSF-Richfaces-facelet

Question

Session timeout redirection in JSF-Richfaces-facelet

I am using JSF with RichFacecs to create a web portal. I want to redirect the user to the session login page. I tried to throw a SecurityException at the session expiry / exit stage as follows

<error-page> <exception-type>java.lang.SecurityException</exception-type> <location>/Login.jsf</location> </error-page>

But this does not work for me. What is the right way to handle this?

+6

facelets jsf richfaces

Jinesh Sep 17 '09 at 11:44

source share

5 answers

Chris dale · Answer 1 · 2009-09-17T20:24:09+0000

This should do it:

 <error-page> <exception-type>javax.faces.application.ViewExpiredException</exception-type> <location>/sessionExpired.jsf</location> </error-page>

Oscar Castiblanco · Answer 2 · 2012-05-03T12:04:59+0000

you should put a timeout in your web.xml and register a timeout filter, as shown in this thread: Automatically shutdown in the JSF application in case of ajax, your redirection should be done as follows:

  String facesRequestHeader = httpServletRequest .getHeader( "Faces-Request" ); boolean isAjaxRequest = facesRequestHeader != null && facesRequestHeader.equals( "partial/ajax" ); if( isAjaxRequest ) { String url = MessageFormat.format( "{0}://{1}:{2,number,####0}{3}", request.getScheme(), request.getServerName(), request.getServerPort(), timeoutPath ); PrintWriter pw = response.getWriter(); pw.println( "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" ); pw.println( "<partial-response><redirect url=\"" + url + "\"></redirect></partial-response>" ); pw.flush();); } else { httpServletResponse.sendRedirect( timeoutPath ); }

pakore · Answer 3 · 2010-03-05T12:42:42+0000

The solution is to use Richfaces own session expired event .

Add this to your expired page:

 <a4j:region> <script language="javascript"> A4J.AJAX.onExpired = function(loc, expiredMsg){ alert('expired!'); window.location = "/login.jsf"; } </script> </a4j:region>

More information can be found in the RichFaces documentation: http://docs.jboss.org/richfaces/latest_3_3_X/en/devguide/html/ArchitectureOverview.html#SessionExpiredHandling

ghhenadie · Answer 4 · 2011-05-02T14:58:35+0000

I had some problems when I was making A4J requests after the session ended. I put it

 <context-param> <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name> <param-value>true</param-value> </context-param>

in my web.xml, for me this solves the problem.

Greg · Answer 5 · 2009-10-19T15:57:23+0000

Another solution is to create a CustomViewHandler that extends the ViewHandler and override the restoreView method

 @Override public UIViewRoot restoreView(FacesContext facesContext, String viewId) { /** * {@link javax.faces.application.ViewExpiredException}. This happens only when we try to logout from timed out pages. */ UIViewRoot root = null; root = parent.restoreView(facesContext, viewId); if(root == null) { root = createView(facesContext, viewId); } return root; }

Then you need to add it to your faces-config.xml

 <view-handler>com.demo.CustomViewHandler</view-handler>

This will prevent getting a ViewExpiredException

Session timeout redirection in JSF-Richfaces-facelet

More articles: