0

Details of the code that i have added for using Ajax Session time out, as described by BaluC

Faces-Config.xml

<factory>
        <exception-handler-factory>org.omnifaces.exceptionhandler.FullAjaxExceptionHandlerFactory</exception-handler-factory>
</factory>

Web.xml

<error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/expired.xhtml</location>
 </error-page>

application-config.xml

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <!-- override these for application-specific URLs if you like: -->
    <property name="loginUrl" value="/index.xhtml" />
    <property name="successUrl" value="/dashboard" />
    <property name="unauthorizedUrl" value="/login" />
    <property name="filters">
        <util:map>
            <entry key="authc">
                <bean
                    class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter" />
            </entry>

        </util:map>

    </property>

    <property name="filterChainDefinitions">
        <value>
        [main]
           user.loginUrl = /login.xhtml

        [users]
            admin = password

        [urls]
           /login.xhtml = user
            /css/**=anon
            /images/**=anon
            /emailimages/**=anon

            /login=anon
            /test=anon

            /sso=anon
            /ssologin=anon
            /**=authc


        </value>
    </property>
</bean>
<bean id="facesFilter" class="com.xxx.temp.FacesAjaxAwareUserFilter"></bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <!-- <property name="sessionMode" value="native"/> -->
    <property name="realms">
        <list>
            <ref bean="jdbcRealm" />
            <ref bean="googleRealm" />
        </list>
    </property>
    <!-- <property name="realms" ref="jdbcRealm googleRealm" /> -->
    <property name="cacheManager" ref="cacheManager" />
    <!-- <property name="sessionManager" ref="sessionManager"/> -->

</bean>





<!-- <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> 
    <property name="cacheManagerConfigFile" value="/WEB-INF/ehcache.xml"/> </bean> -->

<bean id="passwordService"
    class="org.apache.shiro.authc.credential.DefaultPasswordService">
</bean>

<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManager" ref="ehCacheManager" />
</bean>

<!-- <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> 
    <property name="sessionDAO" ref="sessionDAO"/> </bean> -->

<bean id="ehCacheManager"
    class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />

<!-- <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/> -->





<bean id="jdbcRealm" class="com.xxx.domain.web.permissions.MyWebRealm">
</bean>

<bean id="googleRealm" class="com.xxx.domain.web.permissions.GoogleRealm">
    <!-- <property name="dataSource" ref="dataSource" /> -->
    <property name="credentialsMatcher"> <bean class="com.fetchinglife.domain.web.permissions.GoogleCredentialsMatcher"/> </property>
</bean>

<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

<bean
    class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor" />

Added class file FacesAjaxAwareUserFilter ** code copied from BaluC blog **

Jar files added 

omniface-1.7.jar

Added this in .xhtml file 

xmlns:o="http://omnifaces.org/ui"
    xmlns:of="http://omnifaces.org/functions"

came up with a warning 

NLS missing message: CANNOT_FIND_FACELET_TAGLIB in: 
 org.eclipse.jst.jsf.core.validation.internal.facelet.messages

Current status:

No response found, page wont redirect on Session timeout ajax call.

Dileep
  • 5,362
  • 3
  • 22
  • 38
  • It looks like that you configured the `FacesAjaxAwareUserFilter` as a Spring managed bean instead of as a Shiro filter. Why? That was absolutely not described as such in the JSF2-Shiro tutorial which you found. – BalusC Feb 03 '14 at 09:49
  • @BalusC I am not that good with shiro and spring, i don't exactly know how this works. I have just followed the instructions, In my application there is no shiro.ini file, so when i searched in the web it showed me this example which i have implemented. Can you help me in fixing this. :) – Dileep Feb 03 '14 at 10:08
  • So you don't even have Shiro up and running in first place? I'd work on that first using plain vanilla HTML pages until it works and then you can start concentrating on fixing problems with JSF ajax stuff. Eat the elephant with one bite at a time. – BalusC Feb 03 '14 at 10:10
  • @BalusC Yes shiro is working fine , i was just fixing the ajax timeout issue. I am using spring-jsf with shiro, i will update the application config.xml with complete details – Dileep Feb 03 '14 at 10:13
  • Okay. Well, sorry Spring is beyond me. Good luck on that. – BalusC Feb 03 '14 at 10:19
  • @BalusC Oops, I have spend the last 5 day trying to fixing this, still haven't seen the light. Any ways i have updated the application-config.xml. Please take a look when you are free. I am stuck in the middle of a sea. Any help will be greatly appreciated – Dileep Feb 03 '14 at 10:24
  • 1
    I checked the updated `application-config.xml` and the value of `filterChainDefinitions` represents exactly the contents of a `shiro.ini` file. I'm not sure why and how Spring does it like that, but it would logically make sense to treat it like a real `shiro.ini`. I'd just configure the Shiro filter over there like as instructed for a real `shiro.ini` file. – BalusC Feb 03 '14 at 12:48
  • @BalusC Thanks for looking into it. I will try to implement it with shiro.ini. Let me check whether it make any difference. :) – Dileep Feb 03 '14 at 13:06

1 Answers1

0

Problem solved using this configuration.

faces-config.xml

<factory>
<exception-handler-factory>org.omnifaces.exceptionhandler.FullAjaxExceptionHandlerFactory</exception-handler-factory>
</factory>

Make Shiro JSF ajax aware by adding FacesAjaxAwareUserFilter

Added <bean class="com.xxx.custom.FacesAjaxAwareUserFilter" /> to util:map

application-config.xml

<util:map>
<entry key="authc">
<bean
class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter" />
<bean class="com.xxx.custom.FacesAjaxAwareUserFilter" />
</entry>
</util:map>

web.xml

Added error redirect page to the web.xml.

<error-page>
<error-code>500</error-code>
<location>/error.xhtml</location>
</error-page>

Mistake in my part.

There happens to be a SessionTimeoutFilter which was used for redirecting non Ajax Timeout events, Due to some personal reasons, they wont works peacefully together and i still don't know what made the angry, when staying together. Any help on that is greatly appreciated.

This is the code i removed

<filter>
<filter-name>SessionTimeoutFilter</filter-name>
<filter-class>com.xxx.SessionTimeoutFilter</filter-class>
<init-param>
<param-name>SessionTimeoutRedirect</param-name>
<param-value>/login</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionTimeoutFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
Dileep
  • 5,362
  • 3
  • 22
  • 38