Home/ Questions/Q 7803227
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T01:30:31+00:00

It seems a very common problem. But I couldn’t find any working solution. We

  • 0

It seems a very common problem. But I couldn’t find any working solution. We are using Richafaces 4, Myfaces 2.0.5 and Spring security 3.0.X.

On session time for ajax/non ajax requests, the user should be redirected to log in page.after logging back he should be shown the previously performed ajax/non ajax operation.

We are not facing any issue with non ajax requests. But for ajax requests, the user is not redirected to log in page.

I have followed this link https://community.jboss.org/message/729913#729913 and implemented servlet approach. the solution worked in Firefox, not in IE 8.

There could be one more problem even if it is properly redirected to log in page on session time out. I am expecting a ViewExpiredException on successful login for the previously invoked ajax request.

I wanted to bring the ViewExpiredException, since both these problems could be related each other.

Any solutions/leads will be appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you use Spring Security 3.0.x, you can use custom sessionManagementFilter as described here

    The class com.icesoft.spring.security.JsfRedirectStrategy is available here

    If you are using Spring Security 3.1.x make these changes

     <beans:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
    <beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
            <!-- this permits redirection to session timeout page from javascript/ajax or http -->
    <beans:property name="invalidSessionStrategy" ref="jsfRedirectStrategy" />
</beans:bean>

<beans:bean id="jsfRedirectStrategy" class="com.icesoft.spring.security.JsfRedirectStrategy">
  <beans:constructor-arg name="invalidSessionUrl" value="/general/logins/sessionExpired.jsf" />
</beans:bean>
<beans:bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>

    The only change to the JSFRedirectStrategy class are the first few lines:

    public class JsfRedirectStrategy implements InvalidSessionStrategy {
protected final Log logger = LogFactory.getLog(getClass()); 
     private String invalidSessionUrl;
private boolean contextRelative;

public JsfRedirectStrategy(String invalidSessionUrl){
    this.invalidSessionUrl=invalidSessionUrl;
}

@Override
public void onInvalidSessionDetected(HttpServletRequest request,
        HttpServletResponse response) throws IOException, ServletException {
    String redirectUrl = calculateRedirectUrl(request.getContextPath(), invalidSessionUrl);

    This works with IE8 also. If you are interested you can look at this blog also, but I never tried this as the above was much easier.

    FYI: If you do not do Spring there are many ways to do this:
    Primefaces does this on their site. link
    Or even simpler by importing Omnifaces jar link

    • 0