Home/ Questions/Q 6674571
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T03:45:41+00:00

i am getting the above exception when trying to login in icefaces with spring

  • 0

i am getting the above exception when trying to login in icefaces with spring security, and i don’t have any session configuration in my web.xml
i am getting the exception when clicking on login button in the jsf page
i am using JSF 2,ICEfaces 2,Spring Security 3

org.icefaces.application.SessionExpiredException: Session has expired

1-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>myapp</display-name>

  <listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>

  <listener>
    <listener-class>
        org.springframework.web.context.request.RequestContextListener
    </listener-class>
  </listener>

  <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        classpath:META-INF/spring/applicationContext.xml
        classpath:META-INF/spring/applicationSecurity.xml
        </param-value>

  </context-param>

  <!-- Activating the Expression Language -->
    <context-param>
        <param-name>com.sun.faces.expressionFactory</param-name>
        <param-value>com.sun.el.ExpressionFactoryImpl</param-value>
    </context-param>

  <context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
  </context-param>

  <welcome-file-list>
    <welcome-file>faces/users.xhtml</welcome-file>
  </welcome-file-list>

  <context-param>
    <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
  </context-param>

  <context-param>
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
    <param-value>resources.application</param-value>
  </context-param>

  <listener>
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
  </listener>

  <context-param>
    <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
    <param-value>true</param-value>
  </context-param>


  <servlet>
    <servlet-name>Resource Servlet</servlet-name>
    <servlet-class>com.icesoft.faces.webapp.CompatResourceServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>Resource Servlet</servlet-name>
    <url-pattern>/xmlhttp/*</url-pattern>
  </servlet-mapping>

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    <url-pattern>/icefaces/*</url-pattern>
  </servlet-mapping>

  <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

2- applicationSecurity.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"  
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.0.4.xsd">



        <global-method-security pre-post-annotations="enabled" />   
        <http use-expressions="true" >

        <session-management session-fixation-protection="migrateSession"/>
        <remember-me  token-validity-seconds="1209600"/>

        <!-- All pages requires authentication (not anonymous user) -->
        <intercept-url pattern="/faces/**" access="isAuthenticated()" />

        <!-- Exclude the login page from the security check -->
        <intercept-url pattern="/faces/login.xhtml" filters="none"/>


        <intercept-url pattern="/images/**" filters="none" />
        <intercept-url pattern="/scripts/**" filters="none" />
        <intercept-url pattern="/css/**" filters="none" />  

        <!-- Returns true if the user is not anonymous -->


        <access-denied-handler error-page="/error"/>

        <form-login default-target-url="/users"  
        always-use-default-target="true"            
            login-processing-url="/j_spring_security_check"         
            login-page="/faces/login.xhtml"
            authentication-failure-url="/login?login_error=1"                                                               
        />

        <logout logout-url="/logout" logout-success-url="/login" />     
    </http>


    <authentication-manager alias="authenticationManager">          
    <authentication-provider user-service-ref="userDetailsServiceImpl">



        </authentication-provider>
    </authentication-manager>


    </beans:beans>

3- login.xhtml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:f="http://java.sun.com/jsf/core"
    xmlns:ice="http://www.icesoft.com/icefaces/component"
    xmlns:ace="http://www.icefaces.org/icefaces/components">


            <h:head>
                <ice:outputStyle href="./resources/stylesheet.css" id="outputStyle1"/>
                <ice:outputStyle href="./xmlhttp/css/xp/xp.css" id="outputStyle2"/>
            </h:head>
            <h:body bgcolor="#677070" id="outputBody1" style="-rave-layout: grid">

                    <ice:panelLayout id="panelLayout2" style="border-width: 1px; background-color:#d9dbdb ; height: 100%; left: 0px; top: 0px; position: absolute; width: 40%"/>
                    <ice:panelLayout id="panelLayout3" style="border-width: 3px; border-style: solid; border-color: rgb(51, 0, 0) rgb(51, 0, 0) rgb(51, 0, 0) rgb(51, 0, 0); background-color: rgb(255, 255, 255); height: 330px; left: 408px; top: 144px; position: absolute; width: 570px; -rave-layout: grid">
                       <h:form>
                        <ice:graphicImage id="graphicImage1" style="height: 322px; left: 0px; top: 0px; position: absolute" url="/resources/images/LoginImage.jpg" width="560"/>
                        <ice:outputLabel for="j_username" id="outputLabel1" style="left: 48px; top: 120px; position: absolute" value="Username:"/>
                        <ice:outputLabel for="j_password" id="outputLabel2" style="left: 48px; top: 168px; position: absolute" value="Password:"/>
                        <ice:inputText binding="#{login.username}" id="j_username" required="true"
                            style="left: 142px; top: 118px; position: absolute; width: 237px" />
                        <ice:inputSecret binding="#{login.password}" id="j_password" required="true" style="left: 142px; top: 166px; position: absolute; width: 237px"/>
                        <ice:commandButton  actionListener="#{login.login}" id="loginBtn" style="left: 144px; top: 240px; position: absolute" value="Login"/>
                        <ice:commandButton action="#{login.reset}" id="resetBtn" style="position: absolute; left: 360px; top: 240px" value="Reset"/>
                        <ice:outputText id="errorMessage" style="left:0px;top:300px;position:absolute"/>
                        <ice:message errorClass="errorMessage"  for="j_username" fatalClass="fatalMessage" id="messages1" infoClass="infoMessage" showSummary="false"
                            style="height: 43px; left: 24px; top: 288px; position: absolute; width: 523px;color:red;" warnClass="warnMessage"/>
                   </h:form>
                    </ice:panelLayout>

            </h:body>

</html>

4- LoginBean:

package com.spring.sample.beans;

import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.faces.event.ActionEvent;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.security.web.authentication.AbstractProcessingFilter;
import org.springframework.stereotype.Component;

@SuppressWarnings("deprecation")
@Component("login")
@Scope("request")
public class LoginBean {

    Log log = LogFactory.getLog(getClass());

    private String username;

    private String password;

    /**
     * default empty constructor
     */
    public LoginBean() {

        Exception ex = (Exception) FacesContext
                .getCurrentInstance()
                .getExternalContext()
                .getSessionMap()
                .get(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);

        if (ex != null)
            FacesContext.getCurrentInstance().addMessage(
                    null,
                    new FacesMessage(FacesMessage.SEVERITY_ERROR, ex
                            .getMessage(), ex.getMessage()));

    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getUsername() {
        return username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void login(ActionEvent e) throws Exception {
        log.debug("Login Button Action");
        FacesContext
                .getCurrentInstance()
                .getExternalContext()
                .redirect(
                        "/myapp/j_spring_security_check?j_username="
                                + username + "&j_password=" + password);
    }

    public String reset() throws Exception {
        setUsername("");
        setPassword("");
        return "";
    }

}

so what’s wrong with my code, or i am missing something or what ?
thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    i was able to fix it by using form action instead of button action to backing bean:

    1- login page:

    <form action="/myapp/j_spring_security_check" method="post">
                        <h:graphicImage id="graphicImage1" style="height: 322px; left: 0px; top: 0px; position: absolute" url="/resources/images/LoginImage.jpg" width="560"/>
                        <h:outputLabel for="j_username" id="outputLabel1" style="left: 48px; top: 120px; position: absolute" value="Username:"/>
                        <h:outputLabel for="j_password" id="outputLabel2" style="left: 48px; top: 168px; position: absolute" value="Password:"/>
                        <h:inputText binding="#{login.username}" id="j_username" required="true"
                            style="left: 142px; top: 118px; position: absolute; width: 237px" />
                        <h:inputSecret  id="j_password" required="true" style="left: 142px; top: 166px; position: absolute; width: 237px"/>
                        <h:commandButton   id="loginBtn" style="left: 144px; top: 240px; position: absolute" value="Login"/>
                        <h:commandButton  id="resetBtn" style="position: absolute; left: 360px; top: 240px" value="Reset"/>
                        <h:outputText id="errorMessage" style="left:0px;top:300px;position:absolute"/>
                        <h:message errorClass="errorMessage"  for="j_username" fatalClass="fatalMessage" id="messages1" infoClass="infoMessage" showSummary="false"
                            style="height: 43px; left: 24px; top: 288px; position: absolute; width: 523px;color:red;" warnClass="warnMessage"/>
                      </form>

    2- security.xml:

    <beans:beans xmlns="http://www.springframework.org/schema/security"  
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.0.4.xsd">


        <global-method-security pre-post-annotations="enabled" />   

        <!--  key configuration here is an entry point to be used by security intercepts -->
        <http use-expressions="true"  auto-config="true">

        <session-management session-fixation-protection="none"/>

        <remember-me  token-validity-seconds="1209600"/>

        <!-- Exclude the login page from the security check -->
        <intercept-url pattern="/faces/login.xhtml" access="permitAll"/>
        <intercept-url pattern="/faces/j_spring_security_check" access="permitAll" />

        <!-- All pages requires authentication (not anonymous user) -->
        <intercept-url pattern="/faces/**" access="isAuthenticated()" />

        <intercept-url pattern="/faces/javax.faces.resource/**" filters="none" />
        <intercept-url pattern="/faces/xmlhttp/**" filters="none" />
        <intercept-url pattern="/faces/resources/**" filters="none" />      
        <intercept-url pattern="/scripts/**" filters="none" />
        <intercept-url pattern="/images/**" filters="none" />
        <intercept-url pattern="/css/**" filters="none" />  

        <!-- Returns true if the user is not anonymous -->


        <access-denied-handler error-page="/error"/>

        <form-login default-target-url="/faces/users.xhtml"  
        always-use-default-target="true"            
            login-processing-url="/j_spring_security_check"         
            login-page="/faces/login.xhtml"
            authentication-failure-url="/faces/login.xhtml?login_error=1"                                                               
        />

        <logout logout-url="/logout" logout-success-url="/login" />     
    </http>

    <authentication-manager alias="authenticationManager">          
    <authentication-provider user-service-ref="userDetailsServiceImpl">
    </authentication-provider>
    </authentication-manager>


    </beans:beans>
    • 0