I have a simple page backed by a named bean. The page is also using primefaces, but I am not doing anything ajax in that page. The applications is hosted on Glassfish 5.1.
#Named("cardsView")
#RequestScoped
public class CardsViewBean implements Serializable {
...
}
This is the xhtml page. As you can see I am passing the bean to the master xhtml, not sure if it's the best practice or the source of the problem.
<ui:composition template="/fragment/master.xhtml"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:p="http://primefaces.org/ui"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:ipc="http://java.sun.com/jsf/composite/component">
<ui:param name="bean" value="${cardView}" />
<ui:define name="content">
.....
</ui:define>
</ui:composition>
It is my understanding that the request scoped bean lives just for the request.
However when I look to the browser inspector I can see that each time I hit the page a new JSESSIONID is created. So I think that there is clearly something I have wrongly configured but I am not sure where to look.
In fact, there is 2 request per page.
Initial request and postback request.
first, client makes a request to get the page. it is complete request by itself.
request: http://example.com/index
response: html page.
After user hits submit button or another button or link, browser requests another page again.
request: http://example.com/login
response: another page.
In another word, Jsf or any Ui framework holds information between 2 requests for us by various techniques and methods
see this question about Initial request and postback request
and Jsf lifecycle
and primeFaces lifeCycle show case
last Point: session has timeout in jservlet and you can config it using web.xml and If this time pass, your session expires and gives you another session
Happy Coding!
Related
A Java EE 8/SE 8 web application in deployement runnnig on Glassfish 5 build 25 both production and development, uses jsf 2.3. users create accounts and login. there is a 'logout' button for loging out.
Problem: 'logout' button works as expected everywhere on the website. EXCEPT home page (example.com) & (example.com/home.xhtml). the problem does not exists on my local computer. only in production (example.com).
So I have a template called : index.xhtml . all pages use it, including home.xhtml:
<ui:composition template="index.xhtml">
<ui:define name="top-bar">
<c:if test="#{request.remoteUser ne null}">
<h:form ><h:commandButton value="Log out" action="#{registerAdvanced.logout}"/></h:form>
</c:if>
</ui:define>
and
#Named
#RequestScoped
public class RegisterAdvanced extends BaseBacking implements Serializable {
public String logout() {
try {
getRequest().logout();
getContext().getExternalContext().getSessionMap().remove("user");
return REDIRECT_PAGE;
} catch (ServletException ex) {
return REDIRECT_PAGE;
}
}
}
Users login & logout fairly easily until I noticied that clicking on logout on the home page (home.xhtml) prints a null pointer exception AND redirect to 404 error page.
[[/home.xhtml #450,77 value="#{passesTestBean.displayPassSummaryList}": java.lang.NullPointerException
javax.el.ELException: /home.xhtml #450,77 value="#{passesTestBean.displayPassSummaryList}": java.lang.NullPointerException
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:119)
at com.sun.faces.facelets.component.UIRepeat.getValue(UIRepeat.java:314)
at com.sun.faces.facelets.component.UIRepeat.getDataModel(UIRepeat.java:256)
at com.sun.faces.facelets.component.UIRepeat.setIndex(UIRepeat.java:507)
at com.sun.faces.facelets.component.UIRepeat.process(UIRepeat.java:557)
at com.sun.faces.facelets.component.UIRepeat.processDecodes(UIRepeat.java:861)
at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:1258)....
part of jsf where there is a call to value="#{passesTestBean.displayPassSummaryList}" is 100% seperate to logout and PassesTestBean CDI is request scope.
so the problem is SOMEHOW when I click on logout button. PassesTestBean is called for no reason and not since jsf must Initialize (since Request Scoped). it ends up returning null.
Now remember this only happens in: production at example.com AND only home page of all pages.
I'm thinking of writing a page only for loging out: has a log out button only.
Check for null pointer exception
getRequest().logout(); //here
getContext().getExternalContext().getSessionMap().remove("user");//here
My problem is that one : at every http request, a new session scoped bean is created and I don't know why.
Here is my jsf index page :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<h:head>
<link type="text/css" rel="stylesheet" href="css/default.css"/>
</h:head>
<h:body>
<p:growl autoUpdate="true" showDetail="true" globalOnly="true"/>
<h:form id="f_main">
<ui:include src="#{pageBean.page}.xhtml"/>
</h:form>
</h:body>
</html>
Here is my PageBean
package web.bean.system;
import org.apache.log4j.Logger;
import web.bean.AbstractBean;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
#ManagedBean
#SessionScoped
public class PageBean extends AbstractBean {
private static final long serialVersionUID = -882977117976414497L;
private static final Logger LOG = Logger.getLogger(PageBean.class);
public static final String HOME = "home";
private static int IT = 0;
private String page;
public PageBean() {
LOG.debug(IT++);
this.page = HOME;
}
public String getPage() {
LOG.debug(page);
return this.page;
}
public void setPage(String page) {
LOG.debug(page);
this.page = page;
}
}
In this case, the home page is empty.
But when I take a look at the logs after refreshing a lot of time, I can see that a new bean is created for every http request.
I have verified that I realy use javax.faces.bean and not an other package but I don't know why It doesn't work...
Have you any solution for me ?
That may happen if the HTTP session is not properly maintained between the client and the server. Before all, first learn how HTTP sessions work by carefully reading the "HttpSession" section of this answer: How do servlets work? Instantiation, sessions, shared variables and multithreading.
Now, you should understand that they're by default backed by cookies. You should now also understand that if cookies are not maintained by the client or instantly destroyed by the server for some reason, then the session won't be maintained across requests.
If you're using a bit modern webbrowser with builtin web developer toolset, press F12 to show it up and open the "Net"/"Network" tab. Look in the response header for Set-Cookie and in subsequent request header for Cookie. If Cookie is absent in request header and thus the server returns a new Set-Cookie header on the response, then it means that the client does not support cookies. Or if the right Cookie header is present and the server still returns a new Set-Cookie header on every response, then it means that the server's code has somewhere a line which calls HttpSession#invalidate() on every request (perhaps a homegrown authentication filter which is written by a starter).
I am using PrimeFaces 3.4 in my web app and for a particular page the controls are not displayed with the normal PrimeFaces skin:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<h:head>
<title>VMS login</title>
</h:head>
<h:body>
<h:form id="loginForm">
<p:messages id="messages" showDetail="true" autoUpdate="true" closable="true" />
<p:panel header="#{msgs['login.title']}">
<p:panelGrid id="loginPanel" columns="2">
<h:outputText value="#{msgs['login.username']}" />
<p:inputText id="j_username" value="#{loginFormBean.userName}" required="true"></p:inputText>
<p:message for="j_username" ></p:message>
<h:outputText value="#{msgs['login.password']}" />
<p:password id="j_password" value="#{loginFormBean.password}" required="true" feedback="false"></p:password>
<p:message for="j_password"></p:message>
<p:commandButton action="#{loginController.loginUsingSpringAuthenticationManager}" value="#{msgs['login.button']}" update="loginForm" ajax="true"></p:commandButton>
</p:panelGrid>
</p:panel>
</h:form>
</h:body>
</html>
This outputs to:
The panel should have a header and so on.
The interesting thing is that in another page where I am using a <p:layout> with different panels in the layouts they display fine with their normal PrimeFaces look-and-feel.
What am I doing wrong? Thank you
Given that it only occurs on the login page, that can happen when the authentication mechanism also kicks on requests to JSF resources like CSS/JS/image files and redirects them to the login page as well. The webbrowser would then retrieve the HTML representation of the login page instead of the concrete resources. If you have investigated the HTTP traffic in the webbrowser's developer toolset, then you should have noticed that as well.
If you're using homegrown authentication with a servlet filter, then you need to tell the filter to not redirect them to the login page, but just continue them. It are those /javax.faces.resource/* URLs (you can get that URL path as constant by ResourceHandler#RESOURCE_IDENTIFIER).
if (request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) {
chain.doFilter(request, response);
return;
}
// ...
Or if you're using container managed authentication, then you should add /javax.faces.resource/* to allowed URLs which should be skipped from login checks:
<security-constraint>
<web-resource-collection>
<web-resource-name>Allowed resources</web-resource-name>
<url-pattern>/javax.faces.resource/*</url-pattern>
</web-resource-collection>
<!-- No Auth Contraint! -->
</security-constraint>
See also Exclude css & image resources in web.xml Security Constraint.
Or when you're using 3rd party authentication framework like Spring Security, then you need to tell it the following way (assuming 3.1.0 or newer)
<http security="none" pattern="/javax.faces.resource/**" />
See also Spring Security 3.0.5.
Or when you're using PicketLink, see PrimeFaces based application with PicketLink does not show style in login page.
I have created a preRender method to be called when the user navigate to that specific page, I use:
<f:metadata>
<f:event listener="#{targetClass.prerender()}"
type="preRenderView">
</f:event>
</f:metadata>
but the problem is that this method is not being called when I navigate to this page, unless I use
<redirect />
in the faces-config.xml file.
But, I don't want to use redirect, so the url always point to the login page.
Thank you.
I have a JSF2 project with a "view user" page that reads the currently selected user from a session bean; userHandler.selectedUser.
The page is intended to be visited by navigating with links in the app.
However, if the user attempts to hit the "view user" page directly by this URL ...
http://localhost:8080/webapp/userView.jsf
... they see the page with no data on it (because there's no selected user in the userHandler).
I think what I'd like to do is redirect the user to the main page of the app if they try to hit it directly like that. What is a simple and elegant way of handling this problem?
Thanks,
Rob
You'd like to hook on the preRenderView event and then send a redirect when this is the case.
<f:metadata>
<f:event type="preRenderView" listener="#{bean.preRenderView}" />
</f:metadata>
with
public void preRenderView() throws IOException {
if (userHandler.getSelectedUser() == null) {
FacesContext.getCurrentInstance().getExternalContext().redirect("home.jsf");
}
}
A way to avoid this problem from the start is to have pages that you don't want to be accessed directly via URL into the WEB-INF folder of your project.
This way, your pages aren't accessible directly via URL.