web.xml configuration to redirect to login page after session timeout in jsf

jsf jakarta-ee jsf-2

12,943

Solution 1

Possible answer: Handling ViewExpiredException depending on the current view.

What I'm using is a PrimeFaces - Extensions specific solution called AjaxErrorHandler. Take a look at their showcase for implementation tips.

As far as I know the above configuration will not work for AJAX requests.

Solution 2

Another possible answer: How to redirect to index page if session time out happend in jsf application

Yet another possible answer: Use a JSF PhaseListener.

Additionaly, I suggest using a Filter to check if your session is already alive and, if not, redirect to your custom error page (i don't remember where I learnt this method, probably through BalusC):

public class AuthenticationFilter implements Filter {
    private FilterConfig config;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if(((HttpServletRequest) request).getSession().getAttribute("some_attribute_you_store_in_Session") == null){
            ((HttpServletResponse)response).sendRedirect("yourCustomJSF.jsf");
        }else{
            chain.doFilter(request, response);
        }
    }

    public void destroy() {
        this.config = null;
    }

    // You also have to implement init() and destroy() methods.
}

Then, you have to declare this filter (and the url patterns that will trigger the filter) in your web.xml:

<filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>yourPackage.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>private.jsf</url-pattern>
</filter-mapping>

I store my own bean in my JSF session so I can keep my user information. When the filter receives a null return while accessing the class, I know the session has been invalidated (maybe because it has expred, or just the user has logged out) and i redirect the request to my error page.

12,943

Author by

khan

I am a learner Who wants to learn All programming as well as Human Languages ....

Updated on July 20, 2022

Comments

khan almost 2 years
Is there any configuration in web.xml which redirects the application to login page after sesion expired in JSF.I google it but didn't find any good and simple answer.
I found this but it didn't work.
```
 <error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/faces/index.xhtml</location>
</error-page>
```
If there is no configuration for this then how can i do this in JSF?
Thanks
Darrell Teague almost 10 years

If just checking an HttpSession, use this syntax: HttpSession session = request.getSession(false); if (session == null) ... Otherwise it will CREATE a new session. No need for the random session variable.