jsf-2proxyviewexpiredexceptionwebseal

jsf view expired error when using reverse proxy


I'm writing an EAI (External Authentication Interface) solution that provides Login/Logout pages for some applications

We currently have a F5 load balancer which sits in front of two WebSEAL 6.1 reverse proxies which then balance requests between two applications running on WebSphere Application Server 8.0.0.10

The login pages are being served from a JSF 2.0.6 application and are using client state saving so that we don't have session timeouts

The pages are also using request scoped beans as to be as close to stateless as possible as I can't use JSF 2.2 to use a real stateless flag

We have found an issue with the following scenario and are struggling to come up with a solution

  1. A customer goes to the login page in their browser. WebSEAL sends them to one of the WebSphere servers
  2. The customer then submits the form but WebSEAL sends the new request to a different WebSphere server
  3. The customer than encounters an error but is redirected to a blank login page

We are using the OmniFaces FullAjaxExceptionHandler to catch the View Expired error that is generated on Step 2

We are also able to recreate the error by forcing WebSEAL to redirect the traffic between the two WebSphere servers and simulate the scenario

This issue seems to be because the view state from one WebSphere server is not compatible with the other WebSphere server, which makes sense

For our purposes we only really need the submitted form details in order to login the user, the view state isn't required from our side

Is there a way to make the client view state from one server compatible or work with the other server?

Any help with this issue would be appreciated.


Solution

  • I'm not sure if I'm allowed to answer my own question, but I did find a solution that works for us.

    We have used the OmniFaces enableRestorableView tag to reconstruct the view when it is damaged/missing in these situations.

    http://showcase.omnifaces.org/taghandlers/enableRestorableView

    In both of our test cases of forcing a break and tampering with the view state in the page the tag allows our application to proceed using the form parameters