4

I'm beginning a new JavaEE7 project which requires PrimeFaces 5.0 components. JSF implementation is Mojarra 2.2.0.

After setting initial project dependencies I went to implement handling of user sessions, and handling viewExpiredException gracefully.

First step, I added code below to web.xml, so after the Session expires user get redirected to appropriate page. Excellent.

<error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/exception/sessionexpired.xhtml</location>
</error-page>

After that I added PrimeFaces and tested AJAX components after Session expires. Not Working! Then I added code below to faces-config.xml, so after AJAX calls when Session is out users are redirected to appropriate page. Excellent.

<factory>
    <exception-handler-factory>
        org.primefaces.application.exceptionhandler.PrimeExceptionHandlerFactory
    </exception-handler-factory>
</factory>

Then I went to implement WebFilter to handle authorization like this:

@WebFilter("/*")
public class AuthorizationFilter implements Filter {

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    HttpSession session = request.getSession(false);

    User user = (session != null) ? (User) session.getAttribute("user") : null;
    String loginURL = request.getContextPath() + "/login.xhtml";

    boolean loginRequest = request.getRequestURI().startsWith(loginURL);
    boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER);

    if (user != null || loginRequest || resourceRequest) {
        chain.doFilter(request, response);
    } else {
        response.sendRedirect(loginURL);
    }
}

After that my gracefully handled viewExpiredException was gone (that's OK, I'll handle the Session in Filter), but AJAX requests after Session is expired no more get handled. Does that mean, when I implement WebFilter, I must handle all requests in it (also detect AJAX calls and do appropriate redirecting), and I can discard my web.xml and faces-config.xml configuration for exceptions?

TIA, D00de.

D00de
  • 880
  • 3
  • 7
  • 26
  • Well, yeah - once the session has expired, nothing can be processed. Redirect your users appropriately to re-authenticate – kolossus Aug 08 '14 at 15:03
  • Well that's what I'm doing in my WebFilter, and they get redirected. Now, I implemented also ajax/partial requests detection in my WebFilter manually. The question really is, why do I need viewexpired handlers if at the end I need to process everything in the WebFilter? – D00de Aug 08 '14 at 19:19

0 Answers0