AFAIK userForm.edit should never be called, because if the session is not valid
the user holds neither of the roles required for editProfile.html, as specified in
filterInvocationInterceptor:
/**/*.html*=ROLE_ADMIN,ROLE_USER
The resulting acegi access-denied exception should be caught by exceptionTranslationFilter,
which should forward the user to:
<property name="loginFormUrl" value="/login.jsp"/>
If your settings in security.xml are the same as mine, I have no idea why
you end up with the stack trace.
René
Enrico Goosen wrote:
>
> Here's the stack trace:
>
>
> Yikes!
>
> javax.servlet.ServletException: javax.servlet.ServletException: Error
> calling action method of component with id userProfile:edit
> at
> net.sf.ehcache.constructs.web.filter.Filter.logThrowable(Filter.java:152)
> at net.sf.ehcache.constructs.web.filter.Filter.doFilter(Filter.java:97)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.ctjug.jobsite.webapp.filter.LocaleFilter.doFilterInternal(LocaleFilter.java:74)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> com.opensymphony.clickstream.ClickstreamFilter.doFilter(ClickstreamFilter.java:42)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265)
> at
> org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107)
> at
> org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
> at
> org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
> at
> org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
> at
> org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.servlet.ServletException: Error calling action method of
> component with id userProfile:edit
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:152)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:75)
> at
> org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:213)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.ctjug.jobsite.webapp.filter.MessageFilter.doFilter(MessageFilter.java:62)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
> at
> com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
> at
> org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
> at
> org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
> at
> org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:406)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> net.sf.ehcache.constructs.web.filter.GzipFilter.doFilter(GzipFilter.java:75)
> at net.sf.ehcache.constructs.web.filter.Filter.doFilter(Filter.java:92)
> ... 47 more
> Caused by: javax.faces.FacesException: Error calling action method of
> component with id userProfile:edit
> at
> org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:69)
> at javax.faces.component.UICommand.broadcast(UICommand.java:121)
> at
> org.ajax4jsf.framework.ajax.AjaxViewRoot.processEvents(AjaxViewRoot.java:274)
> at
> org.ajax4jsf.framework.ajax.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:250)
> at
> org.ajax4jsf.framework.ajax.AjaxViewRoot.processApplication(AjaxViewRoot.java:405)
> at
> org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
> at
> org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
> at
> org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
> ... 71 more
> Caused by: javax.faces.el.EvaluationException: javax.el.ELException:
> /editProfile.xhtml @11,57 action="#{userForm.edit}":
> org.acegisecurity.userdetails.UsernameNotFoundException: user 'null' not
> found...
> at
> javax.faces.component._MethodExpressionToMethodBinding.invoke(_MethodExpressionToMethodBinding.java:79)
> at
> org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:54)
> ... 79 more
> Caused by: javax.el.ELException: /editProfile.xhtml @11,57
> action="#{userForm.edit}":
> org.acegisecurity.userdetails.UsernameNotFoundException: user 'null' not
> found...
> at
> com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:74)
> at
> javax.faces.component._MethodExpressionToMethodBinding.invoke(_MethodExpressionToMethodBinding.java:75)
> ... 80 more
> Caused by: org.acegisecurity.userdetails.UsernameNotFoundException: user
> 'null' not found...
> at
> org.ctjug.jobsite.dao.hibernate.UserDaoHibernate.loadUserByUsername(UserDaoHibernate.java:68)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
> at $Proxy25.loadUserByUsername(Unknown Source)
> at
> org.ctjug.jobsite.service.impl.UserManagerImpl.getUserByUsername(UserManagerImpl.java:84)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:296)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:177)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
> at
> org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:66)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:166)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
> at $Proxy28.getUserByUsername(Unknown Source)
> at org.ctjug.jobsite.webapp.action.UserForm.edit(UserForm.java:81)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.el.parser.AstValue.invoke(AstValue.java:131)
> at
> org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
> at
> com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
> ... 81 more
>
> I haven't modified security.xml, but I noticed that this has been
> commented out (not by me):
> <!-- Changed to use logout.jsp since causes 404 on WebSphere:
> http://issues.appfuse.org/browse/APF-566 -->
> <!--bean id="logoutFilter"
> class="org.acegisecurity.ui.logout.LogoutFilter">
> <constructor-arg value="/index.jsp"/>
> <constructor-arg>
> <list>
> <ref bean="rememberMeServices"/>
> <bean
> class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
> </list>
> </constructor-arg>
> <property name="filterProcessesUrl" value="/logout.jsp"/>
> </bean-->
>
> Perhaps this issue has something to do with the "Remember Me" feature??
>
>
>
> Rene Guenther wrote:
>>
>> Can you post the stack trace?
>> Have you done any changes to security.xml?
>>
>> I am using same appfuse version. If user session runs out I am redirected
>> to login.jsp automatically.
>>
>> René
>>
>>
>> Enrico Goosen wrote:
>>>
>>> Hi Matt,
>>>
>>> I'm using JSF basic on Appfuse 2.0.
>>>
>>> Regards,
>>> Enrico
>>>
>>>
>>>
>>> mraible wrote:
>>>>
>>>> Which web framework and version of AppFuse gives you this horrible
>>>> stack trace?
>>>>
>>>> Matt
>>>>
>>>> On 12/20/07, Enrico Goosen <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>> I also experienced a problem with the session timeout, and if for
>>>>> example
>>>>> the
>>>>> user clicks on "Edit Profile" after the session times out, you get a
>>>>> horrible stack trace, instead of a graceful redirect to the login
>>>>> page.
>>>>>
>>>>> To overcome this, I put the following code in MessageFilter.java:
>>>>>
>>>>> //redirect to login if session has expired
>>>>> String username = request.getRemoteUser();
>>>>> if (username == null){
>>>>> UrlPathHelper urlPathHelper = new UrlPathHelper();
>>>>> String path =
>>>>> urlPathHelper.getPathWithinApplication(request);
>>>>> if (path.contains("mainMenu") || path.contains("signup")
>>>>> ||
>>>>> path.contains("passwordHint")){
>>>>> //ignore
>>>>> }else{
>>>>> RequestDispatcher rd =
>>>>> request.getRequestDispatcher("/login.jsp");
>>>>> rd.forward(request, res);
>>>>> return;
>>>>> }
>>>>> }
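>>>>> In my app, the user isn't required to log in to view the mainMenu page,
>>>>> hence it only redirects for other pages that require a valid user.
>>>>> Note that the check is a substring match, so any path containing one of
>>>>> these names skips the redirect; it is a convenience forward only, and
>>>>> access control still has to come from the Acegi URL rules.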
>>>>>
>>>>>
>>>>> mraible wrote:
>>>>> >
>>>>> > There is no filter that's responsible for detecting a timeout. You
>>>>> > could create an HttpSessionListener that listens for deactivation,
>>>>> but
>>>>> > I don't believe you can actually detect it with a filter and forward
>>>>> > to a "your session has expired page".
>>>>> >
>>>>> >
>>>>> http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSessionListener.html
>>>>> >
>>>>> > Matt
>>>>> >
>>>>> > On 4/12/07, VJ22 <[EMAIL PROTECTED]> wrote:
>>>>> >>
>>>>> >> Hello Matt...tks for the answer
>>>>> >>
>>>>> >> I have specified the same in the web.xml file .... but which filter
>>>>> is
>>>>> >> responsible for actually detecting a session timeout within Acegi
>>>>> within
>>>>> >> Appfuse ?
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> mraible wrote:
>>>>> >> >
>>>>> >> > It should be specified in web.xml.
>>>>> >> >
>>>>> >> > Matt
>>>>> >> >
>>>>> >> >
>>>>> >> > On 4/12/07, VJ22 <[EMAIL PROTECTED]> wrote:
>>>>> >> >>
>>>>> >> >> Hello,
>>>>> >> >>
>>>>> >> >> Which filter in the acegi security filter chain checks for a
>>>>> session
>>>>> >> >> timeout
>>>>> >> >> within the Appfuse configuration ? I am using the default of 30
>>>>> >> minutes
>>>>> >> >> in
>>>>> >> >> the web.xml ?
>>>>> >> >> I need a bit more flexibility in my logout process and was going
>>>>> >> through
>>>>> >> >> the
>>>>> >> >> maze of configuration files to figure out how the framework
>>>>> handles
>>>>> >> >> session
>>>>> >> >> timeouts ?
>>>>> >> >>
>>>>> >> >> tks in advance
>>>>> >> >>
>>>>> >> >> Rgds...VJ
>>>>> >> >>
>>>>> >> >>
>>>>> >> >
>>>>> >> >
>>>>> >> > --
>>>>> >> > http://raibledesigns.com
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >
>>>>> >
>>>>> > --
>>>>> > http://raibledesigns.com
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>