define error pages location jsf 2 - jsf

I am trying to redirect my user to the login page when the session expires. I followed the instructions on this link How to handle session expiration and ViewExpiredException in JSF 2? and it works, except for the fact that it redirects me to a non existing page.
In my application root, I have a login.xhtml page. So in my web.xml I have this:
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/login.xhtml</location>
</error-page>
But while using the application I am at localhost/sample/user/create.sm when the session expires, it redirects me to localhost/sample/user/login.xhtml, while I expected to be redirected to localhost/sample/login.sm. How should I make the correct configuration?
I am using jboss 6.1 and mojarra 2.1.7
Thanks

The <location> has to match the FacesServlet mapping. You seem to have mapped it on *.sm instead of *.xhtml. In that case, change /login.xhtml to /login.sm.

Related

FullAjaxExceptionHandler not redirecting to custom error page (URL stays same) [duplicate]

In OmniFaces, the FullAjaxExceptionHandler, after having found the right error page to use, calls the JSF runtime to build the view and render it instead of the page that includes the AJAX call.
Why this? IMHO it would be simpler to just perform a ExternalContext#redirect()? Are there specific reasons to do this?
We are writing our own ExceptionHandler based on FullAjaxExceptionHandler and wanted to understand the reason behind this design.
The primary goal of the FullAjaxExceptionHandler is to let exceptions during ajax requests to behave exactly the same as exceptions during non-ajax requests. The developer must be able to reuse the error pages across both conditions without worrying about the condition while implementing the error pages.
A redirect isn't part of the normal flow during non-ajax requests. The default <error-page> mechanism in web.xml performs a forward to display the error page, not a redirect. If a redirect was performed, all error page request attributes such as javax.servlet.error.exception would get lost and render as null. Moreover, normal practice is to place error pages in /WEB-INF to prevent endusers from being able to directly access (and bookmark and share) them. A redirect would require them to be publicly accessible, which indicates a major design problem (is the intented target page actually a real error page?).
If you really need to perform a redirect to/from your error page, either homegrow a custom exception handler which explicitly invokes ExternalContext#redirect() and doesn't utilize web.xml <error-page> mechanism, or add a <meta http-equiv="refresh" ...> to the HTML head of the error page in question (example here).
In case you actually intended to redirect to some login page when a ViewExpiredException occurs, then you should realize that there's a big difference between the cases of "User is not logged in" and "Session/view is expired". For the former, you should not be catching ViewExpiredException at all, but use a simple servlet filter which checks if the user is logged in and redirect accordingly, long before the FacesServlet is invoked. A normal authentication framework (JAAS, Shiro, Spring Security, etc) also works that way.
See also:
What is the good approach to forward the exception from servlets to a jsp page?
What is the difference between redirect and navigation/forward and when to use what?
Why use a JSF ExceptionHandlerFactory instead of <error-page> redirection?
Check if session exists JSF
Authorization redirect on session expiration does not work on submitting a JSF form, page stays the same

URLs with .jsf extension still redirect to .xhtml after FacesServlet removal from web.xml

I have a web application that originally was a JSF app, but has been migrated to pure HTML/JavaScript. We are now in the progress of eliminating JSF completely.
We had the physical file main.xhtml, which was requested by "main.jsf", where the FacesServlet was declared in web.xml with url-mapping *.jsf.
We have moved the content to main.html, and put a meta-tag REFRESH in main.xhtml to redirect to main.html.
Now the problem is that even if I remove FacesServlet from web.xml, it still redirects the request for main.jsf to main.xhtml. If I rename the file main.xhtml to main.jsf, requesting main.jsf gives a 404, and the server log says it cannot find a file "main.jsp".
Now the question is: If it redirects *.jsf to *.jsp or *.xhtml even when there is no FacesServlet in web.xml, what is responsible for this redirections?
I'm using GlassFish 3.1.2.2.
When using JSF 2.0+ on a Servlet 3.0+ container, and there's no explicit FacesServlet registration in webapp's own web.xml, then the FacesServlet will during webapp's startup automatically be registered on URL patterns /faces/*, *.faces and *.jsf.
See also its javadoc:
This servlet must automatically be mapped if it is not explicitly mapped in web.xml or web-fragment.xml and one or more of the following conditions are true.
A faces-config.xml file is found in WEB-INF
A faces-config.xml file is found in the META-INF directory of a jar in the application's classpath.
A filename ending in .faces-config.xml is found in the META-INF directory of a jar in the application's classpath.
The javax.faces.CONFIG_FILES context param is declared in web.xml or web-fragment.xml.
The Set of classes passed to the onStartup() method of the ServletContainerInitializer implementation is not empty.
If the runtime determines that the servlet must be automatically mapped, it must be mapped to the following <url-pattern> entries.
/faces
*.jsf
*.faces
JSF 2.3 will add *.xhtml URL pattern to the set (which is backported in Mojarra 2.2.11).
If you want to stop this behavior, and you can't eliminate the triggers (e.g. still having a faces-config.xml), then your best bet is to explicitly register FacesServlet on *.xhtml in webapp's own web.xml. This will override the default auto registered URL patterns.

redirect to default (home) page after login in jsf2.2 and primefaces

Using JSf2.2 with primefaces 3.4, could not redirect to home page which is my default url of application.
if I am at the one of the view(page) in my application using JSF mvc .when i stop the server and restart it and enter the existing url (or the url where my app at the moment) then my app redirect to login page ,which is done by spring security .now when i logged in again getting redirected to the view from where i came to the login page.I have checked the javax.faces.STATE_SAVING_METHOD in my web.xml it is mentioned client .what is the problem it should be redirect to defaultUrl page i.e home.xhtml . Do jsf store the previous view if we do not get properly logged out ?or some other issue kindly tell me
This is not related to JSF / Primefaces as already indicated. Its due to spring security configuration.
You can control this behavior by setting either true / false for 'always-use-default-target' attribute of tag.
Example 1:
In this example after successfull login it would always invoke /success action, irrespective of which page you initiated the action
<form-login default-target-url="/success" always-use-default-target="true" />
Example 2:
In this example after successfull login it would show the page where you initiated the action.
<form-login default-target-url="/success" always-use-default-target="false" />

Java ee session/conversation/view timeout redirection

My environment is: NetBeans7.2.1, GlassFish3.1, JSF2 and Weld 1.1.0.
I'm trying to redirect to an error page in one of these cases ( session/conversation/view timeout ).
From what I read there are number of options:
Using <error-page> inside web.xml (but for some reason when I use location with error.xhtml page it's not working, only with a servlet - asked this question about this issue).
Using <exception-handler-factory> inside faces-config.xml which will use a CustomExceptionHandler like in this example.
Using a #WebFilter like in this example.
My main problem is that after I'm redirecting to error.xhtml page I want to disable going back to previous pages. so even if the user clickes on the back button he will still be redirected to the error page.
I was able to redirect to an error page when an exception accourd , but was not able to clear the cache so when the user goes back he still can see the previous page content.
I don't fully understand what are the diffrances between the 3 options above, and exactly what is the role of each option.
Can someone please explain ?
what is the diffrence between
NavigationHandler nav = fc.getApplication().getNavigationHandler();
nav.handleNavigation(fc, null, "/error");
facesContext.renderResponse();
and
((HttpServletResponse)response).sendRedirect("yourCustomJSF.jsf"); ?
How can I handle these exceptions by redirecting and clearing the cache so that the user will not be able to see previous page ?
Thank's In Advance.
You can use this for handle expired session/view:
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/index.jsf</location>
</error-page>
My main problem is that after I'm redirecting to error.xhtml page I want to disable going back to previous pages. so even if the user clickes on the back button he will still be redirected to the error page
to do this use a filter to not cache the page and send the request to the server instead
see this to get the code of filter
https://stackoverflow.com/a/19034603/2422368

glassfish: redirect all url to index

I'm working on the java ee application using glassfish 3 server and jsf.
I want all of requests to urls starting from my context root to be redirected to my index.xhtml.
For example, if a user types:
my-host/my-app-context-root/lgsfdjglksjdflgjldskfjg-anything
I want this request to be redirected to:
my-host/my-app-context-root/index.xhtml
So I want to know how can I implement this rule. If it's possible, I would like to do it somehow using Java/jsf or web.xml or some other files which belongs to my application only. I want to avoid to do any "general" server configurations, such as setting properties "redirect_n" as it is suggested there.
Thanks in advance and sorry for my English.
You could create a servlet filter with mapping "/*". Then use HttpServletRequest#getRequestURI() to check whether this is a request for js/css files or any other request and you can accordingly redirect to index.xhtml.
One solution would be to use a servlet with / in web.xml. This servlet would Act as the Default servlet for your application and could output the content of index.xhtml.

Resources