I have a JSF page on Websphere Process Server (on top of WAS 7) which has ViewExpiredException. When this happens I want the user to be logged out and then logged back in I've set up a redirect on this exception in web.xml to the following logout page:
<%
session.invalidate();
response.sendRedirect("ibm_security_logout?logoutExitPage=/faces/ToDosOpen.jsp");
%>
Which then redirects to a login page:
<%@ page import="com.ibm.wbit.tel.client.jsf.infrastructure.Messages, java.util.Locale" language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%
String contextPath = request.getContextPath();
Locale locale = request.getLocale();
final String SECURITY_CHECK = "j_security_check";
%>
...
</head>
<body>
...
<h1><%= Messages.getString("LOGIN_LINE", locale) %></h1>
<div class="help-text"><%= Messages.getString("LOGIN_LINE_DESCR", locale) %></div>
<form target="_top" method="POST" action=<%= SECURITY_CHECK %>>
<table id="login-form">
<tr>
<td><%= Messages.getString("LOGIN_NAME", locale) %>:</td>
<td><input type="text" name="j_username"></td>
</tr>
<tr>
<td><%= Messages.getString("LOGIN_PASSWORD", locale) %>:</td>
<td><input type="password" name="j_password"></td>
</tr>
<tr>
<td id="login-button" colspan="2">
<input type="submit" name="login" value="
<%= Messages.getString("BUTTON_LOGIN", locale) %>"></td>
</tr>
</table>
</form>
And when you login you're redirected to the page that caused the exception in the first place. Except what actually happens is the exception is thrown again, and back we go to the login page.
So you have to login twice.
Not sure what to do about this or where to start looking. Any help would be appreciated. I have looked through existing questions on this and haven't been able to solve it.
EDIT: I've forgotten to mention that this works fine if the action that triggered the exception was a refresh, but fails (having to login twice) if the action was clicking on a commandbar.
Finally solved it using the following ViewHandler. This basically recreates the view that expired. In the case where there were POST parameters, they've obviously been lost so any view that cannot be created without them needs special handling.
Hopefully this is useful to anyone else who runs into this problem, and please let me know if you see anything wrong with this solution because I am not 100% confident in it.
/**
* This class just handles cases where the session expired
* which causes an exception on reload.
*/
public class ViewExpiredHandler extends ViewHandlerWrapper {
private ViewHandler wrapped;
public ViewExpiredHandler(ViewHandler wrapped) {
this.wrapped = wrapped;
}
@Override
public UIViewRoot restoreView( FacesContext ctx, String viewId )
{
UIViewRoot viewRoot = super.restoreView( ctx, viewId );
try {
if ( viewRoot == null) {
viewRoot = super.createView( ctx, viewId );
ctx.setViewRoot( viewRoot );
}
} catch (Exception e) {
e.printStackTrace();
}
return viewRoot;
}
@Override
protected ViewHandler getWrapped() {
return wrapped;
}
}