views:

3913

answers:

3

I am using JSF with RichFacecs to create a web portal .I want to redirect the user to the login page on session time out. I was trying to throw a SecurityException in session expiry/logged out stage as follows

<error-page>
    <exception-type>java.lang.SecurityException</exception-type>
    <location>/Login.jsf</location>
</error-page>

But this is not working for me. Which is the right way of handling this ?

+4  A: 

This should do it :

<error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/sessionExpired.jsf</location>
</error-page>
ChrisAD
Thanks for the answer. I tried this and its not working for ajax request
Jinesh
Can you show how you have implemented the session expired page? Its important that the redirect function that your using is also not timed out =)
ChrisAD
i am redirecting the login page on session expire. I got another working solution. Now i am redirecting in the backing bean like this FacesContext.getCurrentInstance().getExternalContext().redirect("login.jsf") . Is this a proper way ?
Jinesh
I dont see any problems with this approach. Im glad you found a working approach.
ChrisAD
Thank you very much for support Chris
Jinesh
A: 

Another solution is to create CustomViewHandler that extends ViewHandler and override restoreView method

@Overridepublic UIViewRoot restoreView(FacesContext facesContext, String viewId) {
/**
 * {@link javax.faces.application.ViewExpiredException}. This happens only  when we try to logout from timed out pages.
 */
UIViewRoot root =null; 
root = parent.restoreView(facesContext, viewId);
if(root == null) {   
 root = createView(facesContext, viewId);
}
return root;

}

Then you need to add it to your faces-config.xml

<view-handler>com.demo.CustomViewHandler</view-handler>

This will prevent you from getting ViewExpiredException's

Greg
Note: I think "parent" should be "super" and can be added to createView also. I would also suggest that an implementation of ViewHandler like com.sun.faces.application.ViewHandlerImpl be extended so that you don't need to rewrite all of the ViewHandler classes.
Adam
+1  A: 

The solution is to use Richfaces own session expired event.

Add this to the page prone to expire:

<a4j:region>
 <script language="javascript">
 A4J.AJAX.onExpired = function(loc, expiredMsg){
 alert('expired!');
 window.location = "/login.jsf";
 }
 </script>
</a4j:region>

More info can be found at the RichFaces documentation: http://docs.jboss.org/richfaces/latest_3_3_X/en/devguide/html/ArchitectureOverview.html#SessionExpiredHandling

pakore