Java ee session/conversation/view timeout redirection - jsf

My environment is: NetBeans7.2.1, GlassFish3.1, JSF2 and Weld 1.1.0.
I'm trying to redirect to an error page in one of these cases ( session/conversation/view timeout ).
From what I read there are number of options:
Using <error-page> inside web.xml (but for some reason when I use location with error.xhtml page it's not working, only with a servlet - asked this question about this issue).
Using <exception-handler-factory> inside faces-config.xml which will use a CustomExceptionHandler like in this example.
Using a #WebFilter like in this example.
My main problem is that after I'm redirecting to error.xhtml page I want to disable going back to previous pages. so even if the user clickes on the back button he will still be redirected to the error page.
I was able to redirect to an error page when an exception accourd , but was not able to clear the cache so when the user goes back he still can see the previous page content.
I don't fully understand what are the diffrances between the 3 options above, and exactly what is the role of each option.
Can someone please explain ?
what is the diffrence between
NavigationHandler nav = fc.getApplication().getNavigationHandler();
nav.handleNavigation(fc, null, "/error");
facesContext.renderResponse();
and
((HttpServletResponse)response).sendRedirect("yourCustomJSF.jsf"); ?
How can I handle these exceptions by redirecting and clearing the cache so that the user will not be able to see previous page ?
Thank's In Advance.

You can use this for handle expired session/view:
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/index.jsf</location>
</error-page>

My main problem is that after I'm redirecting to error.xhtml page I want to disable going back to previous pages. so even if the user clickes on the back button he will still be redirected to the error page
to do this use a filter to not cache the page and send the request to the server instead
see this to get the code of filter
https://stackoverflow.com/a/19034603/2422368

Related

FullAjaxExceptionHandler not redirecting to custom error page (URL stays same) [duplicate]

In OmniFaces, the FullAjaxExceptionHandler, after having found the right error page to use, calls the JSF runtime to build the view and render it instead of the page that includes the AJAX call.
Why this? IMHO it would be simpler to just perform a ExternalContext#redirect()? Are there specific reasons to do this?
We are writing our own ExceptionHandler based on FullAjaxExceptionHandler and wanted to understand the reason behind this design.
The primary goal of the FullAjaxExceptionHandler is to let exceptions during ajax requests to behave exactly the same as exceptions during non-ajax requests. The developer must be able to reuse the error pages across both conditions without worrying about the condition while implementing the error pages.
A redirect isn't part of the normal flow during non-ajax requests. The default <error-page> mechanism in web.xml performs a forward to display the error page, not a redirect. If a redirect was performed, all error page request attributes such as javax.servlet.error.exception would get lost and render as null. Moreover, normal practice is to place error pages in /WEB-INF to prevent endusers from being able to directly access (and bookmark and share) them. A redirect would require them to be publicly accessible, which indicates a major design problem (is the intented target page actually a real error page?).
If you really need to perform a redirect to/from your error page, either homegrow a custom exception handler which explicitly invokes ExternalContext#redirect() and doesn't utilize web.xml <error-page> mechanism, or add a <meta http-equiv="refresh" ...> to the HTML head of the error page in question (example here).
In case you actually intended to redirect to some login page when a ViewExpiredException occurs, then you should realize that there's a big difference between the cases of "User is not logged in" and "Session/view is expired". For the former, you should not be catching ViewExpiredException at all, but use a simple servlet filter which checks if the user is logged in and redirect accordingly, long before the FacesServlet is invoked. A normal authentication framework (JAAS, Shiro, Spring Security, etc) also works that way.
See also:
What is the good approach to forward the exception from servlets to a jsp page?
What is the difference between redirect and navigation/forward and when to use what?
Why use a JSF ExceptionHandlerFactory instead of <error-page> redirection?
Check if session exists JSF
Authorization redirect on session expiration does not work on submitting a JSF form, page stays the same

standard error page does not work for forwards in jsf

whenever i have a redirect and something goes wrong(eg: NullPointer) then the configured error page is shown. However if i have a forward to certain page then the standard error page is not shown but the current page freezes i.e. the user will not be able to proceed further and there will be no error message too.
when i say forward, it is a navigation rule without <redirect/>.
when i say redirect, it is new window opening up.
i am using IBM Websphere.
any pointer would be of great help.
thanks.

glassfish: redirect all url to index

I'm working on the java ee application using glassfish 3 server and jsf.
I want all of requests to urls starting from my context root to be redirected to my index.xhtml.
For example, if a user types:
my-host/my-app-context-root/lgsfdjglksjdflgjldskfjg-anything
I want this request to be redirected to:
my-host/my-app-context-root/index.xhtml
So I want to know how can I implement this rule. If it's possible, I would like to do it somehow using Java/jsf or web.xml or some other files which belongs to my application only. I want to avoid to do any "general" server configurations, such as setting properties "redirect_n" as it is suggested there.
Thanks in advance and sorry for my English.
You could create a servlet filter with mapping "/*". Then use HttpServletRequest#getRequestURI() to check whether this is a request for js/css files or any other request and you can accordingly redirect to index.xhtml.
One solution would be to use a servlet with / in web.xml. This servlet would Act as the Default servlet for your application and could output the content of index.xhtml.

how to create a link to a JSF page from outside the application

I am working with a JSF application that posts on every mouse click, so if you get 5 pages deep, your url stays the same.
now i need to link to one of these pages from outside of jsf. what can i do?
(i am new to jsf)
Navigation rules use forward by default, that's why the URL does not change.
Use http://site.com/ctx/page.jsf to access a given page. *.jsf is the mapping of your faces servlet to in web.xml (it can have different value in your configuration, but normally it is *.jsf or /faces/*
i dont know if ive got it right but as much as i understood it you need to use GET instead of POST this time, right?
in my current project we still use JSF 1.2 and that is achieved by PrettyFaces (http://ocpsoft.com/prettyfaces/) by us. do you mean that?

How to redirect to index page if session time out happened in jsf application

I am using JSF RI 1.1. How to redirect to index page if session time out happens?
There are two ways which can be combinied:
Make use of the <meta> refresh header in the HTML <head> element in combination with HttpSession#getMaxInactiveInterval() which returns the remnant of seconds the session has yet to live.
<meta http-equiv="refresh" content="${pageContext.session.maxInactiveInterval};url=index.jsf">
This approach will automatically redirect the page to the given url when the session expires.
Catch ViewExpiredException in web.xml:
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/index.jsf</location>
</error-page>
This approach will automatically forward the request to the given <location> when a POST request has been fired (h:commandButton, h:commandLink, etc) while the session is expired.
Note that I personally would prefer an intermediate "Session Expired" warning page or alert to avoid "wtf?" experiences and thus improve the user experience. Even more, I would as well prefer firing an ajaxical poll every minute when the client has shown activity by listening on click and keypress, so that the session's lifetime can be postponed more.
JSF2:
<meta http-equiv="refresh" content="#{facesContext.externalContext.sessionMaxInactiveInterval};url=#{request.contextPath}/index.xhtml"/>
You can use a Filter to catch the particular exception indicating the timeout, and redirect from there.

Resources