I'm working in JSF and trying to redirect a page if the user has already selected a language (I know that from a cookie).
So I've set a listener :
<f:event listener="#{languageSelectionController.checkSkipLanguageSelection}" type="preRenderView" />
that check if the cookie is present and if so redirect to the home page (without propose language choice page)
if (languageBean.isValidCookieDetected()) {
FacesContext.getCurrentInstance().getApplication().getNavigationHandler().handleNavigation(FacesContext.getCurrentInstance(), "languageSelection.xhtml", "toHome");
}
But I get an exception
java.lang.IllegalStateException: Response already committed
at weblogic.servlet.internal.ServletResponseImpl.objectIfCommitted(ServletResponseImpl.java:1602)
at weblogic.servlet.internal.ServletResponseImpl.sendRedirect(ServletResponseImpl.java:833)
at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:576)
at com.sun.faces.application.NavigationHandlerImpl.handleNavigation(NavigationHandlerImpl.java:182)
I've read the post What exactly does "Response already committed" mean? How to handle exceptions then? and try to raise the buffer size but it changes nothing.
UDPATE :
I've set a filter with the following code :
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
Cookie[] cookies = httpServletRequest.getCookies();
for (Cookie c : cookies) {
if (c.getName().equals("lang")) {
httpServletResponse.sendRedirect("home.xhtml");
}
}
chain.doFilter(request, response);
But I still got the Response already committed exception...
Can anyone help me ?
Thanks
Stephane
Related
Based upon the Scribe example on github, I'm trying to authorize my application to use LinkedIn's api.
Here is my current code that is tied to a button click:
public String generateFromLinkedIn() {
OAuthService service = new ServiceBuilder()
.provider(LinkedInApi.class)
.apiKey(apiKey)
.apiSecret(apiSecret)
.callback("http://localhost:8080/Project/faces/linkedIn.xhtml").build();
ExternalContext externalContext = FacesContext.getCurrentInstance()
.getExternalContext();
Token requestToken = service.getRequestToken();
String authUrl = service.getAuthorizationUrl(requestToken);
try {
externalContext.redirect(authUrl);
} catch (IOException ex) {
Logger.getLogger(LinkedInController.class.getName()).log(Level.SEVERE, null, ex);
}
Map<String, String> parameterMap = (Map<String, String>) externalContext.getRequestParameterMap();
Verifier v = new Verifier(parameterMap.get("oauth_verifier"));
Token accessToken = service.getAccessToken(requestToken, v);
OAuthRequest request = new OAuthRequest(Verb.GET, "https://api.linkedin.com/v1/people/~");
service.signRequest(accessToken, request);
Response response = request.send();
System.err.println(response.getBody());
return "";
}
And in my .xhtml page I have:
<h:commandButton value="Generate" action="#{linkedInController.generateFromLinkedIn()}"></h:commandButton>
Everything works okay until I try to get the Verifier from the parameter map, which does not have any oauth_verifier. I tried splitting it up into multiple methods, but so far I cannot obtain the oauth_verifier from the URL parameters even though it is clearly there after returning from LinkedIn authorization dialog.
Any suggestions on how to get this verifier correctly or how to make Scribe work with JSF?
You seem somehow to expect that the redirected request magically returns to exactly same location in the code and continues from there. This is untrue. It are effectively 2 HTTP requests. You're basically still fiddling around in the parameter map of the current request (the one which called the generateFromLinkedIn() method).
After you call redirect() you should be returning from the method. You should move the remainder of the code into the #PostConstruct or <f:viewAction> of the backing bean tied to linkedIn.xhtml. It's the one who's called with the parameter.
I have a custom authorization filter for my Authorize method in my OAuth controller. When the authorization filter notes the user is logged, it stuffs the current OAuth request into the session, and ships them off to log in.
After log in, in my /OAuth/Authorize endpoint, I check to see if that request is in the session, instead of immediately failing because there is not an authorization request attached to the current request. Then, I call the authorization server with that request object.
The code in my Authorize action looks like this:
[AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
[ExternalAppAuthorizeAttribute]
public ActionResult Authorize() {
Object requestObject = this.HttpContext.Session["AuthRequest"];
HttpRequestBase request = null;
if ((requestObject != null) && (requestObject.GetType() == typeof(HttpRequestWrapper)))
{
request = (HttpRequestWrapper)requestObject;
this.HttpContext.Session.Remove("AuthRequest");
}
EndUserAuthorizationRequest pendingRequest = null;
if (request != null)
{
pendingRequest = this.authorizationServer.ReadAuthorizationRequest(request);
} else
{
pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
}
if (pendingRequest == null) {
throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
ReadAuthorizationRequest fails, however, when the request was found in the session and restored. The error message is not very helpful: "Value does not fall within the expected range. "
Here is the stacktrace:
[ArgumentException: Value does not fall within the expected range.]
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) +0
System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode) +10
System.Web.Util.Misc.ThrowIfFailedHr(Int32 hresult) +9
System.Web.Hosting.IIS7WorkerRequest.GetServerVariableInternal(String name) +36
System.Web.Hosting.IIS7WorkerRequest.GetServerVariable(String name) +49
System.Web.HttpRequest.AddServerVariableToCollection(String name) +22
System.Web.HttpRequest.FillInServerVariablesCollection() +85
System.Web.HttpServerVarsCollection.Populate() +36
System.Web.HttpServerVarsCollection.Get(String name) +42
System.Collections.Specialized.NameValueCollection.get_Item(String name) +10
DotNetOpenAuth.Messaging.MessagingUtilities.GetPublicFacingUrl(HttpRequestBase request, NameValueCollection serverVariables) +61
DotNetOpenAuth.Messaging.MessagingUtilities.GetPublicFacingUrl(HttpRequestBase request) +43
DotNetOpenAuth.Messaging.Channel.ReadFromRequestCore(HttpRequestBase request) +69
I've inspected my request in flight and everything used by oauth in it looks totally fine: headers, URI, etc. I'm at a loss as to what might be causing this.
Does anyone know why this might be the case? Or, if you have alternative recommendations for storing the oauth request while the user is authenticating, I am open to them.
Turns out that ServerVariables on the HttpRequestWrapper was throwing an exception when called (which is now obvious from the stack trace). I believe this is because the request hadn't hit the controller action yet since it was intercepted by the filter. I guess that ServerVariables gets set when the request is processed by the controller action?
I resolved this by creating a new class that implements HttpRequestBase. I passed it my stored oauth request and the actual request, and returned the properties from the oauth request for everything in HttpRequestBase except ServerVariables, which I returned from the current request.
I'm using Glassfish 3.1.1 and JSF 2.0:
I have the following code:
public String doLoginOrCC() {
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
this.flightNumber = request.getParameter("flightNumber");
if (request.getRemoteUser() == null) {
return "login.xhtml";
} else {
return "https://" + request.getLocalAddr() + ":8181" + request.getContextPath() + "/bookSeat.xhtml";
}
}
If user is not logged in then go to login.xhtml.
If user is logged in then go to https://localhost:8181/APP/bookSeat.xhtml
Unable to find matching navigation case with from-view-id '/flightInfo.xhtml' for action '#{bookSeatController.doLoginOrCC}' with outcome 'https://127.0.0.1:8181/PlaneTicketProgram5-war/bookSeat.xhtml'
Do I have to add a Navigation Rule in my faces-config.xml file.
If so how would I write the Navigation Rule?
You cannot change the HTTP scheme by a navigation case. A navigation case does basically a forward. You need to send a HTTP redirect instead. You can use ExternalContext#redirect() for this.
ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
externalContext.redirect("https://" + request.getLocalAddr() + ":8181" + request.getContextPath() + "/bookSeat.xhtml");
You only need to add a throws IOException to the bean action method.
Unrelated to the concrete problem, why aren't you logging in over HTTPS? Your problem suggests that you're logging in over HTTP which thus sends the username/password unencrypted over network. Also, grabbing the raw Servlet API from under the JSF covers should be avoided as much as possible. You can grab HTTP request parameters by ExternalContext#getRequestParameterMap() or, better, by #ManagedProperty or <f:viewParam>. You can get the remote user by ExternalContext#getRemoteUser().
My JSF application redirects any user who is not logged in to the login page. When the user logs in, I want the application to redirect to the page the user has initially entered in the browser's adress bar. But I don't know how to access the url the user has initially entered, since he is automatically redirected to the login page which I configured in the web.xml.
The container managed security doesn't have any API-provided facilities for this. Your best bet is to replace the <login-config> by a Filter class which does roughly like this:
HttpServletRequest httpreq = (HttpServletRequest) request;
HttpServletResponse httpres = (HttpServletResponse) response;
if (httpreq.getUserPrincipal() == null) {
httpreq.getSession().setAttribute("from", httpreq.getRequestURI());
httpres.sendRedirect("login.jsf");
} else {
chain.doFilter(request, response);
}
And then in your login thing:
request.login(username, password);
externalContext.redirect((String) request.getSession().getAttribute("from"));
I have a filter and I get Page not Found error when any client requests a JSF page in my web application. I don't know how to fix this issue.
Here is my filter code:
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession ses = req.getSession(true);
String pageRequested = req.getRequestURL().toString();
if (ses.getAttribute("userDetails") != null) {
fc.doFilter(request,response);
} else {
RequestDispatcher dis = request.getRequestDispatcher(LOGIN_PAGE);
dis.forward(request,response);
}
I have done all the necessary settings in web.xml deployment descriptor.
A 404 simply means that the requested resource is not found. Down to the point this can have 2 causes:
The URL is invalid (i.e. LOGIN_PAGE is invalid).
The resource is not there where you think it is.
To further nail down the cause in this particular problem we need to know 2 things:
What is the absolute URL of the current request? Print request.getRequestURL().
What is the absolute URL with which you can open the login page independently in webbrowser?
Then, you should be able to extract the correct LOGIN_PAGE from this information.