I have a web application currently deployed on Wildfly 22, using JSF 2.3 and OpenJDK 11. I'm currently migrating the login page from j_security_check to a programmatically login, following BalusC example on this post:
Performing user authentication in Java EE / JSF using j_security_check
I'm not posting the login code, because it's exactly like BalusC post.
The login process is working just fine, except when the session-timeout expires on the login page. In other words, when the user requests a protected resource, the login page is presented. If the session expires before the login form is submitted a ViewExpiredException
is thrown and an error is presented to the user.
I understand this is the expected behaviour, however it's not the desired situation for the end-user.
I managed to minimize this situation using OmniFaces's ViewExpiredExceptionHandler
.
This way, when a ViewExpiredException
is thrown, the OmniFaces handler will catch it and redirects to the current URL with the query string.
In other words, the user tries to login after the session expires and the login page is presented again to the user.
I managed to use the #{flash['org.omnifaces.view_expired'] eq true}
so that a nice message is presented to the user, explaining that a timeout occurred.
Is there any way to workaround this situation, and performing a successful login even when the session expires, so that the user doesn't have to enter his credentials twice?
Thanks for your help!
Is there any way to workaround this situation, and performing a successful login even when the session expires, so that the user doesn't have to enter his credentials twice?
Yes, by using stateless JSF by setting transient
attribute of <f:view>
to true
.
<f:view transient="true">
<h:form>
...
<h:commandButton ... action="#{requestScopedBean.login}" />
</h:form>
</f:view>
Do note that the backing bean must be @RequestScoped
, not @ViewScoped
or broader.