Re: HttpSessionListener -->How to react, when Session is not valid anymore

Tue, 14 Feb 2006 05:50:19 -0800 

Are you using "j_security" ?

When a session timed out and you click on a link (which the currently
displayed page shows the user) j_security will *redirect* the user
itself to the login form

add something like to web.xml:

  <!-- Security is active on entire directory -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>

      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.faces</url-pattern>
      <url-pattern>*.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>cheffe</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Tomcat Server Configuration Form-Based Authentication
Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <role-name>cheffe</role-name>
  </security-role>

On 2/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> So what can I do in my case?
> Is there another possibility to react on a session Timeput and redirection of 
> the user?
>
> Regards,
> Andy
>
> -----Ursprüngliche Nachricht-----
> Von: Matthias Wessendorf [mailto:[EMAIL PROTECTED]
> Gesendet: Dienstag, 14. Februar 2006 14:41
> An: MyFaces Discussion
> Betreff: Re: HttpSessionListener -->How to react, when Session is not
> valid anymore
>
>
> Hi Andreas,
>
> for each request there is one FacesContext obj, so it is not
> associated to the user's (http) session.
>
> -Matthias
>
> On 2/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> >
> > Hi!
> >
> > I have just implemented a HttpSessionListener to react on the event, when
> > the session is not valid anymore.
> >
> > Now I want to redirect the user to my login page again, when the session is
> > timed out...
> >
> > The Problem is, that the FacesContext is also null, when the session is
> > timed out...
> > So how can I do a redirect, if I don't have a FacesContext?
> >
> >
> > So my listener looks like this:
> > public final class MyContextListener implements HttpSessionListener {
> >
> > public void sessionCreated(HttpSessionEvent arg0) {
> >                 // TODO Auto-generated method stub
> >
> >         }
> >
> > public void sessionDestroyed(HttpSessionEvent arg0) {
> >                 System.out.println("SESSION ABGELAUFEN");
> >
> >                 HttpServletRequest req = (HttpServletRequest)
> > FacesContext.getCurrentInstance().getExternalContext().getRequest();
> >
> >                 HttpServletResponse res
> > =(HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse();
> >
> >
> >                 try {
> >                         req.getRequestDispatcher("/logout.jsp").forward(req,
> > res);
> >                 }
> >                  catch (ServletException e2) {
> >                   e2.printStackTrace();
> >                 } catch (IOException e2) {
> >                   e2.printStackTrace();
> >                  }
> >         }
> > }
> > ______________________________________________________________________
> > Diese Nachricht ist fuer die MAGNA STEYR Fahrzeugtechnik AG & Co KG
> > rechtsunverbindlich! - This message is not legally binding upon MAGNA STEYR
> > Fahrzeugtechnik AG & Co KG! This email and any files transmitted with it are
> > confidential and intended solely for the use of the individual or entity to
> > whom they are addressed. If you have received this email in error please
> > notify your system manager. This footnote also confirms that this email
> > message has been swept for the presence of computer viruses.
> > ______________________________________________________________________
> >
>
>
> --
> Matthias Wessendorf
> Zülpicher Wall 12, 239
> 50674 Köln
> http://www.wessendorf.net
> mwessendorf-at-gmail-dot-com
>
>
> ______________________________________________________________________
>
> Diese Nachricht ist fuer die MAGNA STEYR Fahrzeugtechnik AG & Co KG 
> rechtsunverbindlich!
> - This message is not legally binding upon MAGNA STEYR Fahrzeugtechnik AG & 
> Co KG!
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> your system manager.
>
> This footnote also confirms that this email message has been swept
> for the presence of computer viruses.
> ______________________________________________________________________
>


--
Matthias Wessendorf
Zülpicher Wall 12, 239
50674 Köln
http://www.wessendorf.net
mwessendorf-at-gmail-dot-com

Reply via email to