My IceFaces application crashes on session expiry. It's not showing the "User Session Expired" or "Network Connection Interrupted" message.
My guess is the same page is loaded again, and since the backing bean code cannot find the session variables, it throws the following exception:
exception
javax.servlet.ServletException: java.lang.Exception: javax.faces.FacesException: Problem in renderResponse: /main-template.jspx: User session has expired or it was invalidated.
root cause
java.lang.Exception: javax.faces.FacesException: Problem in renderResponse: /main-template.jspx: User session has expired or it was invalidated.
root cause
javax.faces.FacesException: Problem in renderResponse: /main-template.jspx: User session has expired or it was invalidated.
root cause
javax.el.ELException: /main-template.jspx: User session has expired or it was invalidated.
root cause
com.icesoft.faces.webapp.http.core.SessionExpiredException: User session has expired or it was invalidated.
root cause
java.lang.IllegalStateException: PWC2778: getAttribute: Session already invalidated
Asynchronous updates are on, and the jsp page has the <ice:outputConnectionStatus /> component.
Any ideas on how to stop this from happening?
Note: I was doing a lot of fancy stuff, like redirecting on session timeout, and displaying error pages for java.lang.Throwable, but I've commented it all out - without luck. When both redirection and error-handling were switched on, on the first time the application would show the error page, then after a while redirect to "session-expiry" page.
Thanks
I had the same problem with RichFaces and this answer saved me :
jsf login times out
For a lot of turn around and stranges things I recommend to see this blog :
http://balusc.blogspot.com/
Here is the code I'm currently using :
package com.spectotechnologies.jsf.viewhandler;
import com.sun.facelets.FaceletViewHandler;
import java.io.IOException;
import javax.faces.application.ViewHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;
/**
* Source : https://stackoverflow.com/questions/231191/jsf-login-times-out
*
* This ViewHandler is used to remove the ViewExpiredException problem at login
* after the session is expired.
*
* #author Alexandre Lavoie
*/
public class AutoRegeneratorViewHandler extends FaceletViewHandler
{
public AutoRegeneratorViewHandler(ViewHandler p_oViewHandler)
{
super(p_oViewHandler);
}
#Override
public UIViewRoot restoreView(FacesContext p_oContext, String p_sViewID)
{
UIViewRoot oViewRoot = super.restoreView(p_oContext,p_sViewID);
if(oViewRoot == null)
{
// Work around Facelet issue
initialize(p_oContext);
oViewRoot = super.createView(p_oContext,p_sViewID);
p_oContext.setViewRoot(oViewRoot);
try
{
buildView(p_oContext,oViewRoot);
}
catch(IOException e)
{
e.printStackTrace();
}
}
return oViewRoot;
}
}
You also have to put this in faces-config.xml :
<application>
<view-handler>com.spectotechnologies.jsf.viewhandler.AutoRegeneratorViewHandler</view-handler>
</application>
Related
I am using hazelcast-3.11.2 and SubZero-0.9 as global serializer. I am trying to configure Spring Session using this example. When I have more than one node in cluster - I get next exception when trying to get session id:
2019-03-20 15:01:59.088 ERROR 13635 --- [ration.thread-3]
c.h.m.i.operation.EntryBackupOperation : [x.x.x.x]:5701
[hazelcast-group] [3.11.2] null
java.lang.NullPointerException: null at
com.hazelcast.map.AbstractEntryProcessor$EntryBackupProcessorImpl.processBackup(AbstractEntryProcessor.java:83)
at
com.hazelcast.map.impl.operation.EntryOperator.process(EntryOperator.java:314)
at
com.hazelcast.map.impl.operation.EntryOperator.operateOnKeyValueInternal(EntryOperator.java:181)
at
com.hazelcast.map.impl.operation.EntryOperator.operateOnKey(EntryOperator.java:166)
at
com.hazelcast.map.impl.operation.EntryBackupOperation.run(EntryBackupOperation.java:60)
at
com.hazelcast.spi.impl.operationservice.impl.operations.Backup.run(Backup.java:158)
at com.hazelcast.spi.Operation.call(Operation.java:170) at
com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.call(OperationRunnerImpl.java:208)
at
com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:197)
at
com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:413)
at
com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:153)
at
com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:123)
at
com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.run(OperationThread.java:110)
My instance config looks like this:
#Configuration
#EnableHazelcastHttpSession
public class HazelcastSessionConfig extends AbstractHttpSessionApplicationInitializer {
#Bean
public HazelcastInstance hazelcastInstance() {
Config config = new Config();
SubZero.useAsGlobalSerializer(config);
MapAttributeConfig attributeConfig = new MapAttributeConfig()
.setName(HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE)
.setExtractor(PrincipalNameExtractor.class.getName());
config.getMapConfig(HazelcastSessionRepository.DEFAULT_SESSION_MAP_NAME)
.addMapAttributeConfig(attributeConfig)
.addMapIndexConfig(new MapIndexConfig(
HazelcastSessionRepository.PRINCIPAL_NAME_ATTRIBUTE, false));
return Hazelcast.newHazelcastInstance(config);
}
}
Removing SubZero from configuration, removes exception, so it looks like it is SubZero issue. I do use this instance as my cache provider also and hibernate second level cache, so I can not get rid off SubZero.
My thoughts were:
Having two different clusters: one for cache, another for session.
Don't work for me, since I do not know how to configure Spring
Session to use specific hazelcast instance (pass instance name, or
bean itself etc)
Specify which classes should be used with SubZero - but since I have
plenty and new classes going to be added - this is not the best idea
Will appreciate any help.
I am working on local live staging in Liferay 7.1, in which I have one custom field in Web content. When I export those web content to local live, I want to check that custom field as result I would be export that web content.
So for that, I am extending doExportStagedModel in BaseStagedModelDataHandler as below.
#Component(immediate = true,service = {StagedModelDataHandler.class})
public class Demo extends BaseStagedModelDataHandler<JournalArticle> {
// All the stuff
#Override
protected void doExportStagedModel(
PortletDataContext portletDataContext, JournalArticle article)
throws Exception {
// overridden stuff
}
// Other stuff
}
When I am deploying this, I got below exception.
2018-11-20 04:04:12.669 ERROR The setJournalCreationStrategy method
has thrown an exception java.lang.IllegalArgumentException: argument
type mismatch
2018-11-20 04:04:12.850 ERROR The
setJournalFeedExportImportContentProcessor method has thrown an
exception java.lang.IllegalArgumentException: argument type mismatch
Does anybody having idea how can I do this proper way on this?
I would like to send a binary file via an appended MVCResourceCommand I coded for the native journal portlet. But the program is unable to use the OutputStream provided by the resource request.
IOUtils.copy( input, response.getPortletOutputStream() );
Considering:
The code works perfectly on StrutsActions
In custom portlets, it also works
In StrutsActions:
IOUtils.copy( input, response.getOutputStream() );
However, the code throws an IllegalStateException, saying that the writer is being used when I call response.getOutputStream().
I know we can not mix these two
The code is not attempting to do so
I wonder if Liferay is doing something with that request before it reaches my extension of BaseMVCResourceCommand, this is specifically for that native portlet.
I checked the preview feature for a webcontect item, but its URL is for the view mode.
The URL is created from a portlet:resourceURL tag inserted through a JSP fragment and the command is in its own OSGi module.
For sure, the URL is correct and the command logs that it was hit, but the exception is thrown afterwards.
The portlet I am trying to change is the:
"com_liferay_journal_web_portlet_JournalPortlet"
Any thoughts?
PS: I know about the Servlet and Portlet ResponseUtils. but they also eventually try getting the stream, leadin to the same exception.
#Component( immediate = true,
property = {
"javax.portlet.name=" + JOURNAL, "mvc.command.name=/command"
},
service = MVCResourceCommand.class )
public class Resource extends BaseMVCResourceCommand {
#Override
public void doServeResource( ResourceRequest request, ResourceResponse response ) throws PortletException {
try {
response.getPortletOutputStream();
}
catch ( Exception e ) {
throw new PortletException( e );
}
}
}
Caused by: java.lang.IllegalStateException: Unable to obtain OutputStream because Writer is already in use
at com.liferay.portlet.MimeResponseImpl.getPortletOutputStream(MimeResponseImpl.java:75)
Update:
It seems this is the source of my issues (PortletURLImpl), still looking for a solution though:
if (lifecycle.equals(PortletRequest.RESOURCE_PHASE)) {
_copyCurrentRenderParameters = true;
}
When the URL is created it comes with all sources of garbage from the render phase. Including an MVCPath
i have two jsf pages (home.jsf and employees.jsf) ,
home page has a button that navigates to employees page,
while navigating i store value in session scope
at (Managed bean)
public void putSessionAL(ActionEvent actionEvent) {
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put("key","value");
}
public String navigate() {
return "employees";
}
i want to change Label at employees viewObject from UIHints tab depending on value stored at session using the following groovy expression
adf.context.sessionScope.key
and changed trustMode to trusted but it fires the following exception
oracle.jbo.script.ExprScriptException: JBO-29114 ADFContext is not setup to process messages for this exception. Use the exception stack trace and error code to investigate the root cause of this exception. Root cause error code is JBO-25188. Error message parameters are {0=Employees.FirstName, 1=, 2=oracle.jbo.script.ExprSecurityException}
at oracle.jbo.script.ExprScriptException.throwException(ExprScriptException.java:316)
at oracle.jbo.script.ExprScriptException.throwExceptionWithExprDef(ExprScriptException.java:387)
at oracle.jbo.ExprEval.processScriptException(ExprEval.java:599)
at oracle.jbo.ExprEval.doEvaluate(ExprEval.java:697)
at oracle.jbo.ExprEval.evaluate(ExprEval.java:508)
at oracle.jbo.ExprEval.evaluate(ExprEval.java:487)
at oracle.jbo.common.NamedObjectImpl.resolvePropertyRaw(NamedObjectImpl.java:680)
at oracle.jbo.server.DefObject.resolvePropertyRaw(DefObject.java:366)
One way to do it at the VO UIHint attribute label level will be programmaticaly by doing as follow :
In your VO go to the java tab and add the RowImpl java class
In the VORowImpl Add the following function
public String getMySessionLabel() {
return (String)FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("key");
}
In the Label add the following EL expression :
adf.object.getMySessionLabel()
This technique allow you more control than pure EL, if you want to do more than getting from session for example. In your case pure EL, as you did, should work as well. (Would need to check what is wrong with yours, maybe just missing the
#{adf.context.sessionScope.key}
If you attempt to get your label from a method in viewRowImpl. So this will be executed at least once for each row. I think this solution isn't fit for your case.
anyway ADF as a framework added strong policy and validations in EL in general and especially in version 12.2.x.
The solution for you case as following:
Create new class in model layer which extends oracle.jbo.script.ExprSecurityPolicy class
Override checkProperty method.
#Override
public boolean checkProperty(Object object, String string, Boolean b) {
if (object.getClass().getName().equals("oracle.adf.share.http.ServletADFContext") && string.equals("sessionScope")) {
return true;
}
return super.checkProperty(object, string, b);
}
Open adf-config.xml source and in startup tag set your class ExprSecurityPolicy property.
like:
<startup ExprSecurityPolicy="model.CustomExprSecurityPolicy">
I am trying to get my security stuff setup for symfony2 and I have it working so far, but now I need to do some more fancy things. I am currently using everything dealing with PreAuthentication (I use a third party component for logging in and session management). That part is working great in tandem with the JMS security bundle.
Now I am to the point when I want to catch the users that are throwing 403s so I can just forward them to the login page of the third party component that I am using. I think my best bet is to add an exception handler to the exception listener. I am looking at the AccessDeniedHandlerInterface.
Is this the right direction for me to be going?
How do I add this handler to the exception listener?
EDIT:
I ended up doing something similar. I created a service that is prompted on the kernel.exception event. services.yml looks like this:
services:
kernel.listener.accessDenied:
class: Fully\Qualified\Namespace\Path\To\Class
tags:
- { name: kernel.event_listener, event: kernel.exception, method: onAccessDeniedException }
and the class it self:
<?php
namespace Fully\Qualified\Namespace\Path\To;
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent,
Symfony\Component\HttpFoundation\Response,
Symfony\Component\Security\Core\Exception\AccessDeniedException;
class Class
{
public function onAccessDeniedException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
//Get the root cause of the exception.
while (null !== $exception->getPrevious()) {
$exception = $exception->getPrevious();
}
if ($exception instanceof AccessDeniedException) {
//Forward to third-party.
}
}
}
This sounds about right.
Or, if you're specifically interested in AccessDeniedException you could also define access_denied_handler within your firewall in security.yml:
security:
firewalls:
my_firewall:
# ...
access_denied_handler: kernel.listener.access_denied.handler
# ...
Then define your service in your services.xml or equivalent:
<parameters>
<parameter key="kernel.listener.security.class">Path\To\Your\Class</parameter>
</parameters>
<service id="kernel.listener.access_denied.handler" class="%kernel.listener.security.class%">
<tag name="kernel.event_listener" event="security.kernel_response" method="handle" />
</service>
The handler class:
use \Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
class MyAccessDeniedHandler implements AccessDeniedHandlerInterface
{
public function handle(Request $request, AccessDeniedException $accessDeniedException)
{
// do something with your exception and return Response object (plain message of rendered template)
}
}
You can find complete Security reference of Symfony2 here: http://symfony.com/doc/2.8/reference/configuration/security.html