Show
added a comment - The server (at least Tomcat does) hides the difference between requests made directly by the browser and requests delayed and replayed through the authentication process. The difficulty with this is that in one case, the response is being delivered to a POST made by XMLHttpRequest, and in the other case the response is being delivered by a browser redirecting with a full page GET.
What appears to be workable is to add a special case for session expired being "browser readable" and taking the form of a redirect request to the expiry page (as sent from the server, not just as a redirect performed by the JavaScript bridge). For instance (diff has been edited so line numbers are not valid) the following seems to work as desired on tomcat:
===================================================================
— src/com/icesoft/faces/webapp/http/core/RequestVerifier.java (revision 19235)
+++ src/com/icesoft/faces/webapp/http/core/RequestVerifier.java (working copy)
@@ -3,6 +3,7 @@
import com.icesoft.faces.webapp.http.common.Request;
import com.icesoft.faces.webapp.http.common.Server;
import com.icesoft.faces.webapp.http.common.standard.EmptyResponse;
+import com.icesoft.faces.webapp.http.common.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -10,10 +11,19 @@
public class RequestVerifier implements Server {
private final static Log log = LogFactory.getLog(RequestVerifier.class);
+ private Configuration configuration;
private String sessionID;
private Server server;
public RequestVerifier(String sessionID, Server server)
Unknown macro: {+ public RequestVerifier(Configuration configuration, String sessionID, Server server) {
+ this.configuration = configuration;
this.sessionID = sessionID;
this.server = server;
}@@ -28,7 +38,8 @@ server.service(request); }
else
{
log.debug("Missmatched 'ice.session' value. Session has expired.");
- request.respondWith(SessionExpiredResponse.Handler);
+ request.respondWith(SessionExpiredResponse.getRedirectingHandler(configuration.getAttribute("sessionExpiredRedirectURI")));
+// request.respondWith(SessionExpiredResponse.Handler);
}
} else
Unknown macro: { if( log.isDebugEnabled() ){
Index: src/com/icesoft/faces/webapp/http/core/SessionExpiredResponse.java
===================================================================
--- src/com/icesoft/faces/webapp/http/core/SessionExpiredResponse.java (revision 19235)
+++ src/com/icesoft/faces/webapp/http/core/SessionExpiredResponse.java (working copy)
@@ -1,6 +1,8 @@
package com.icesoft.faces.webapp.http.core;
import com.icesoft.faces.webapp.command.Command;
+import com.icesoft.faces.webapp.http.common.Response;
+import com.icesoft.faces.webapp.http.common.ResponseHandler;
import com.icesoft.faces.webapp.http.common.standard.FixedXMLContentHandler;
import java.io.IOException;
@@ -14,4 +16,14 @@
SessionExpiredCommand.serializeTo(writer);
} }
;
+
+ public static ResponseHandler getRedirectingHandler(final String redirectURI) {
+ ResponseHandler handler = new ResponseHandler()
Unknown macro: {+ public void respond(Response response) throws Exception {
+ response.setStatus(302);
+ response.setHeader("Location", redirectURI);
+ }+ }
;
+ return handler;
+ }
}
Index: src/com/icesoft/faces/webapp/http/servlet/MainSessionBoundServlet.java
===================================================================
src/com/icesoft/faces/webapp/http/servlet/MainSessionBoundServlet.java (revision 19235)
+++ src/com/icesoft/faces/webapp/http/servlet/MainSessionBoundServlet.java (working copy)
@@ -124,13 +124,13 @@
receivePing = OKServer;
} else
{
//setup blocking connection server
- sendUpdatedViews = new RequestVerifier(sessionID, new PushServerDetector(session, sessionID, synchronouslyUpdatedViews, allUpdatedViews, monitorRunner, configuration, messageService, this));
- sendUpdates = new RequestVerifier(sessionID, new SendUpdates(configuration, views, this));
- receivePing = new RequestVerifier(sessionID, new ReceivePing(views, this));
+ sendUpdatedViews = new RequestVerifier(configuration, sessionID, new PushServerDetector(session, sessionID, synchronouslyUpdatedViews, allUpdatedViews, monitorRunner, configuration, messageService, this));
+ sendUpdates = new RequestVerifier(configuration, sessionID, new SendUpdates(configuration, views, this));
+ receivePing = new RequestVerifier(configuration, sessionID, new ReceivePing(views, this));
}
Server upload = new UploadServer(views, configuration);
Server receiveSendUpdates = new RequestVerifier(sessionID, new ReceiveSendUpdates(views, synchronouslyUpdatedViews, sessionMonitor, this));
+ Server receiveSendUpdates = new RequestVerifier(configuration, sessionID, new ReceiveSendUpdates(views, synchronouslyUpdatedViews, sessionMonitor, this));
dispatchOn(".*block\\/receive\\-updated -views$", new EnvironmentAdaptingServlet(sendUpdatedViews, configuration, session.getServletContext()));
PathDispatcherServer dispatcherServer = new PathDispatcherServer();
Adding reference to SalesForce case.
I've modified the test case so that it runs on Tomcat and I can replicate the behaviour there to help make it a bit easier to debug.