dear christoph, hope that this is not private now , i was sure, that i sent
the last one also to the list... anyway ...
again thanks for you help ...
i copied now all the gode as desired and hope that this will help ;)
>ou won't really be able to tell if the user is "coming" from the login
>page. The best you can do is to detect that the session is not in a
>proper state - by checking for some key in the session. I'm just trying
>to be clear.
no i dont case all i want is to relogin without after crash if a timeout
happens...
>You have to do your checking in a Filter so that it occurs /before/ the
>servlet handles the request. Otherwise, you'd have to re-write a LOT of
>your application to check for proper session state before doing whatever
>it is your servlet needs to do.
yes that sounds logical to me ....but were is the right point ...;)
>Exactly where?
Im writing this in a Sigelton bean wich is initialized via spring with the
postconstruct
paramenter. it seems that this is to late, what do you suggest ? maybe a
special filter would be a better place?
like the following :
@PostConstruct
public void SNUserSingletonInit() {
session.setAttribute("ISVALID",test);
}
to give you an idea , where in the activity chain we are I send you the
callstack wich is shown if I set a breakboint the the codeline wich setts
the session-key:
SNUserSessionUtil.SNUserSingletonInit() line: 53
NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not
available [native method]
NativeMethodAccessorImpl.invoke(Object, Object[]) line: 39
DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25
Method.invoke(Object, Object...) line: 597
InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(Object) line:
297
InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(Object,
String) line: 250
CommonAnnotationBeanPostProcessor(InitDestroyAnnotationBeanPostProcessor).postProcessBeforeInitialization(Object,
String) line: 144
DefaultListableBeanFactory(AbstractAutowireCapableBeanFactory).applyBeanPostProcessorsBeforeInitialization(Object,
String) line: 350
DefaultListableBeanFactory(AbstractAutowireCapableBeanFactory).initializeBean(String,
Object, RootBeanDefinition) line: 1329
DefaultListableBeanFactory(AbstractAutowireCapableBeanFactory).doCreateBean(String,
RootBeanDefinition, Object[]) line: 471
AbstractAutowireCapableBeanFactory$1.run() line: 409
AccessController.doPrivileged(PrivilegedAction<T>, AccessControlContext)
line: not available [native method]
DefaultListableBeanFactory(AbstractAutowireCapableBeanFactory).createBean(String,
RootBeanDefinition, Object[]) line: 380
AbstractBeanFactory$2.getObject() line: 302
SessionScope(AbstractRequestAttributesScope).get(String, ObjectFactory)
line: 43
SessionScope.get(String, ObjectFactory) line: 90
DefaultListableBeanFactory(AbstractBeanFactory).doGetBean(String, Class,
Object[], boolean) line: 298
DefaultListableBeanFactory(AbstractBeanFactory).getBean(String, Class,
Object[]) line: 185
DefaultListableBeanFactory(AbstractBeanFactory).getBean(String) line: 164
DefaultListableBeanFactory.findAutowireCandidates(String, Class,
DependencyDescriptor) line: 671
DefaultListableBeanFactory.resolveDependency(DependencyDescriptor, String,
Set, TypeConverter) line: 610
AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(Object,
String, PropertyValues) line: 412
InjectionMetadata.injectFields(Object, String) line: 105
AutowiredAnnotationBeanPostProcessor.postProcessAfterInstantiation(Object,
String) line: 240
and so on...
>It's possible that the framework is interfering, but unlikely. Can you
>send the code for your SessionTimeoutFilter as well as the configuration
>from web.xml for /all/ of your filters? Remember to remove any sensitive
>information.
Ok here comes the the code please have a look at the incode comments...
public class SessionTimeoutFilter implements Filter {
private final Log logger =
LogFactory.getLog(SessionTimeoutFilter.class);
private String timeoutPage = "timeout.html";
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException,
ServletException {
if ((request instanceof HttpServletRequest)
&& (response instanceof HttpServletResponse)) {
HttpServletRequest httpServletRequest =
(HttpServletRequest) request;
HttpServletResponse httpServletResponse =
(HttpServletResponse) response;
// is session expired control required for this request?
if
(isSessionControlRequiredForThisResource(httpServletRequest)) {
String requestedID =
httpServletRequest.getRequestedSessionId();
// is session invalid?
HttpSession session =
httpServletRequest.getSession();
String sID = session.getId();
String nochmalID =
httpServletRequest.getQueryString();
// ok this is allways false , means the session
is allways valid. sure
it is, but its a new one !
boolean isSessionInValid = (requestedID !=
null)&&
!httpServletRequest.isRequestedSessionIdValid();
Object testObject =
session.getAttribute("ISVALID");
// here I tried some things... the
isSessionInValid flag doesnt help b/c
the session is allways valid
// the testObject is allways null b/c if the
user comes from the
loginpage the user is not set in the first time
// with the code like this, we're allways
redirected in an constant
loop.
// besides that I think redirection is not the
right way to handle , I
mean,
// i feel the right solution would recognize
that the session is not in
a proper state and than
// delete the request wich allways causes in
that crash. but how? and
wich restored information exactly is the wrong one ?
if (testObject == null /*&& isSessionInValid*/
) {
String timeoutUrl =
httpServletRequest.getContextPath()
+ "/" +
getTimeoutPage();
logger
.info("session is
invalid! redirecting to timeoutpage : "
+
timeoutUrl);
httpServletResponse.sendRedirect(timeoutUrl);
return;
}
}
}
filterChain.doFilter(request, response);
System.out.println("test Request");
}
/**
*
* session shouldn't be checked for some pages. For example: for timeout
* page.. Since we're redirecting to timeout page from this filter, if
we
* don't disable session control for it, filter will again redirect to
it
* and this will be result with an infinite loop...
*/
private boolean isSessionControlRequiredForThisResource(
HttpServletRequest httpServletRequest) {
String requestPath = httpServletRequest.getRequestURI();
boolean controlRequired =
!StringUtils.contains(requestPath,getTimeoutPage());
return controlRequired;
}
public void destroy() {
}
public String getTimeoutPage() {
return timeoutPage;
}
public void setTimeoutPage(String timeoutPage) {
this.timeoutPage = timeoutPage;
}
the web xml :
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";>
<!-- Use for facelets -->
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<!-- Special Debug Output for Development -->
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
<!-- -->
<context-param>
<param-name>facelets.SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<!-- context-param>
<param-name>facelets.BUFFER_SIZE</param-name>
<param-value>10000</param-value>
</context-param -->
<context-param>
<param-name>facelets.REFRESH_PERIOD</param-name>
<param-value>0</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING_DISPATCH_EVERY_TIME</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>facelets.LIBRARIES</param-name>
<param-value>/WEB-INF/myproject.taglib.xml;</param-value>
</context-param>
<!-- Vladi -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<!-- filter>
<filter-name>HibernateFilter</filter-name>
<filter-class>de.we.myproject.hibernate.HibernateFilter</filter-class>
</filter
Filter zur Überprufung des Logins
filter>
<filter-name>myproject-Auth-Filter</filter-name>
<filter-class>de.we.myproject.Util.AuthFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>myproject-Auth-Filter</filter-name>
<url-pattern>/pages/*</url-pattern>
</filter-mapping
filter-mapping>
<filter-name>HibernateFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping
Using bei Richfaces -->
<context-param>
<param-name>org.richfaces.SKIN</param-name>
<param-value>myproject</param-value>
</context-param>
<!--Richfaces has a few parsers onboard. The default one is based on Tidy,
but it is quite slow.
The Neko parser is faster and can be used by setting the following
context-param’
Fast Filter which is based on nekko parser requires nekkohtml.jar and
xersesimpl.jar in your classpath. As this filter wasn't default for A4j and
later RF -
these jars arent included to distribution. Download it and put in your
classpath.-->
<context-param>
<param-name>org.ajax4jsf.xmlparser.ORDER</param-name>
<param-value>TIDY,NEKO</param-value>
</context-param>
<!-- param-value>NEKO</param-value -->
<context-param>
<param-name>org.ajax4jsf.xmlparser.TIDY</param-name>
<param-value>/pages/announcement/notif_1.xhtml,
/pages/announcement/notif_1_search.xhtml,
/pages/announcement/mynotif.xhtml,
/pages/gatgets/show_gatgets.xhtml,
/pages/gatgets/my_gatgets.xhtml,
/pages/profile/profile_results.xhtml,
/pages/profile/profile_results_2.xhtml,
/pages/profile/show_profile_friends.xhtml,
/pages/profile/show_profile_trophies.xhtml,
/pages/profile/show_profile_groups.xhtml,
/pages/profile/show_profile_photoAlbums.xhtml,
/pages/myNetwork/addressbook_1.xhtml,
/pages/myNetwork/1_search.xhtml,
/pages/myNetwork/addressbook_2.xhtml,
/pages/myNetwork/addressbook_3.xhtml,
/pages/groups/searchgroup.xhtml,
/pages/groups/mygroupmessage.xhtml,
/pages/groups/mygroup.xhtml,
/pages/groups/updateGroup1.xhtml,
/pages/fotoAlbum/myPhotoAlbum.xhtml,
/pages/fotoAlbum/photoAlbums.xhtml,
/pages/messages/posteingang.xhtml,
/pages/messages/postausgang.xhtml,
/pages/appointment/appointment.xhtml,
/pages/appointment/myAppointment.xhtml</param-value>
</context-param>
<context-param>
<param-name>org.ajax4jsf.xmlparser.NEKO</param-name>
<param-value>.*\..*</param-value>
</context-param>
<!-- The following declaration allows to load only one integrated style
sheet file.
The integrated style sheet contains style for all shipped
components.
The skinnability feature still works.
The "DEFAULT" value is a classical on-demand variant.
The "NONE" stops loading the styles at all.
The earlier introduced plain skin resets all color and font
parameters
to null.
The "NONE" value for org.richfaces.LoadStyleStrategy means that
predefined
styles for RichFaces are not used. -->
<context-param>
<param-name>org.richfaces.LoadScriptStrategy</param-name>
<param-value>none</param-value>
</context-param>
<!-- Orchastra Optional
filter>
<filter-name>frameworkAdapterFilter</filter-name>
<filter-class>org.apache.myfaces.orchestra.frameworkAdapter.basic.BasicFrameworkAdapterFilter</filter-class>
</filter>
<filter>
<filter-name>requestParameterFilter</filter-name>
<filter-class>org.apache.myfaces.orchestra.requestParameterProvider.RequestParameterServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>frameworkAdapterFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>requestParameterFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping -->
<context-param>
<param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>
<param-value>com.sun.facelets.FaceletViewHandler</param-value>
</context-param>
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
<init-param>
<param-name>forceparser</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>enable-cache</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>maxRequestSize</param-name>
<param-value>1250000</param-value>
</init-param>
<init-param>
<param-name>createTempFiles</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<!-- filter-mapping>
<filter-name>SessionTimeoutFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping-->
<filter>
<filter-name>springRequestContextFilter</filter-name>
<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter>
<filter-name>SessionTimeoutFilter</filter-name>
<filter-class>de.we.myproject.util.SessionTimeoutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>springRequestContextFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>SessionTimeoutFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<!-- Using bei Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Orchestra -->
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.apache.myfaces.orchestra.conversation.servlet.ConversationManagerSessionListener</listener-class>
</listener>
<!--Anfang Session Time Out -->
<listener>
<listener-class>de.we.myproject.util.MySessionListener</listener-class>
</listener>
<!-- Faces Servlet -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Faces Servlet
servlet>
<servlet-name>SourceCodeServlet</servlet-name>
<servlet-class>
org.apache.myfaces.shared_tomahawk.util.servlet.SourceCodeServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet
servlet mapping
servlet-mapping>
<servlet-name>SourceCodeServlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping -->
<servlet>
<servlet-name>ConfirmServlet</servlet-name>
<servlet-class>de.we.myproject.util.UserConfirm</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ConfirmServlet</servlet-name>
<url-pattern>/confirm/*</url-pattern>
</servlet-mapping>
<!-- Faces Servlet Mapping -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<!--End Session Time Out -->
<welcome-file-list>
<welcome-file>/index.html</welcome-file>
<!-- welcome-file>/index.xhtml</welcome-file -->
</welcome-file-list>
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/login_error.html</location>
</error-page>
<!-- orchestraFilter -->
<filter>
<filter-name>orchestraFilter</filter-name>
<filter-class>org.apache.myfaces.orchestra.conversation.jsf.filter.OrchestraServletFilter
</filter-class>
<init-param>
<param-name>serializeRequests</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>orchestraFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!-- test -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Geschuetzter Bereich</web-resource-name>
<url-pattern>/pages/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>kunde</role-name>
<role-name>premiumkunde</role-name>
<role-name>superuser</role-name>
<role-name>user</role-name>
<role-name>premiumuser</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsf</form-login-page>
<form-error-page>/login_error.jsf</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>kunde</role-name>
</security-role>
<security-role>
<role-name>premiumkunde</role-name>
</security-role>
<security-role>
<role-name>superuser</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
<security-role>
<role-name>premiumGuest</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
<!--user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint-->
</security-role>
</web-app>
thank again for reading all the stuff chris ,
cheers
filip
--
View this message in context:
http://www.nabble.com/Tomcat-Realm-Auto-Relogin-after-Session-Timeout-Problem-tp21938671p21956226.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
