Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: 2.0.0
Fix Version/s: 3.0
Component/s: Framework
Labels: None
Environment: Debian or OpenSUSE, Java SUN or OpenJDK, Glassfish 3.0.1, IceFaces 2.0.0
Assignee Priority: P1
ICEsoft Forum Reference:
Workaround Exists: Yes
Workaround Description:
Description
I have now created a smaller project that demonstrates the problem. The realm is based on a MySQL database and was created like this:
==== create realm ==============
sudo /opt/glassfishv3/glassfish/bin/asadmin create-auth-realm --classname com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm --property jaas-context=jdbcRealm:datasource-jndi=card:user-table=employees:user-name-column=userid:password-column=password:group-table=employees:group-name-column=role:digest-algorithm=MD5 userauth
========== end =============
===== web.xml ================
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
    </context-param>
    <context-param>
        <param-name>com.icesoft.faces.uploadDirectory</param-name>
        <param-value>upload</param-value>
    </context-param>
    <context-param>
        <param-name>org.icefaces.strictSessionTimeout</param-name>
        <param-value>true</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
        <servlet-name>Resource Servlet</servlet-name>
        <servlet-class>com.icesoft.faces.webapp.CompatResourceServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/icefaces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Resource Servlet</servlet-name>
        <url-pattern>/xmlhttp/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            3
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>Secured/client.jsf</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <description/>
            <url-pattern>/Secured/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>ADMIN</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>userauth</realm-name>
        <form-login-config>
            <form-login-page>/Open/login.jsp</form-login-page>
            <form-error-page>/Open/loginfailed.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Manages the employees</description>
        <role-name>MANAGER</role-name>
    </security-role>
</web-app>
========== End =============
===== sun-web.xml ============
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
    <context-root>/SessionTimeOut</context-root>
    <class-loader delegate="true"/>
    <jsp-config>
        <property name="keepgenerated" value="true">
            <description>Keep a copy of the generated servlet class' java code.</description>
        </property>
    </jsp-config>
    <security-role-mapping>
        <role-name>ADMIN</role-name>
        <group-name>ADMIN</group-name>
    </security-role-mapping>
</sun-web-app>
======== End ===============
Now in the Open dir I have 2 files: login.jsp and loginfailed.jsp.
In the Secured dir I have created a client.xhtml that uses a template.xhtml.
======= client.xhtml =============
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns:ui="http://java.sun.com/jsf/facelets"
                xmlns:icecore="http://www.icefaces.org/icefaces/core"
                xmlns:ice="http://www.icesoft.com/icefaces/component"
                xmlns:ace="http://www.icefaces.org/icefaces/components"
                template="./newICEfacesTemplate.xhtml">
    <ui:define name="top">
        top
    </ui:define>
    <ui:define name="left">
        left
    </ui:define>
    <ui:define name="content">
        <ice:form id="panelform">
            <ice:panelTabSet height="330px">
                <ice:panelTab label="First Tab">
                    <ice:outputText value="First content"/>
                </ice:panelTab>
                <ice:panelTab label="Second Tab">
                    <ice:outputText value="Second content"/>
                </ice:panelTab>
            </ice:panelTabSet>
        </ice:form>
    </ui:define>
    <ui:define name="bottom">
        bottom
    </ui:define>
</ui:composition>
============== End =============
As you can see in the above web.xml, the directory Secured is protected. When I request client.jsp in the browser I am correctly redirected to the login page. After a successful authorization I get the client.jsp page correctly. I have currently set the session timeout to only 3 minutes. I have also set the strictSessionTimeout to true. I have no redirect page in case of a session timeout. The problem already shows without that.
======= Symptom ==========
After 3 minutes of inactivity you can no longer click on the tabs => the GUI becomes totally unresponsive.
=======================
It is worth mentioning that without the realm I correctly get a popup indicating that the session has expired.
If you want, I can share the war file or the source.
Cheers,
// Jonas
This is a dump of the NetBeans project. Note that you'll still need to create the database tables and the MySQL realm.
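
A check of the access-control settings in the web.xml posted above, as an added example that is not part of the original report or of ICEfaces. The embedded XML is an excerpt of that descriptor reduced to its security-relevant elements, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# Excerpt of the web.xml from the report above (security-relevant elements only).
WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <session-config><session-timeout>
    3
  </session-timeout></session-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/Secured/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>userauth</realm-name>
  </login-config>
  <security-role><role-name>MANAGER</role-name></security-role>
</web-app>"""

def texts(root, path):
    """Return the stripped text of every element matching the path."""
    return [(e.text or "").strip() for e in root.findall(path, NS)]

def audit_web_xml(xml_text):
    """Summarise the access-control settings of a Servlet 3.0 web.xml."""
    root = ET.fromstring(xml_text)
    declared = set(texts(root, "ee:security-role/ee:role-name"))
    constraints = []
    for sc in root.findall("ee:security-constraint", NS):
        roles = texts(sc, "ee:auth-constraint/ee:role-name")
        guarantee = texts(sc, "ee:user-data-constraint/ee:transport-guarantee")
        constraints.append({
            "patterns": texts(sc, "ee:web-resource-collection/ee:url-pattern"),
            "roles": roles,
            # Roles an auth-constraint requires but no <security-role> declares.
            "undeclared": sorted(set(roles) - declared - {"*"}),
            # No user-data-constraint means no transport protection is required.
            "transport": guarantee[0] if guarantee else "NONE",
        })
    timeout = texts(root, "ee:session-config/ee:session-timeout")
    return {
        "auth_method": (texts(root, "ee:login-config/ee:auth-method") or [None])[0],
        "session_timeout_min": int(timeout[0]) if timeout else None,
        "constraints": constraints,
    }

if __name__ == "__main__":
    print(audit_web_xml(WEB_XML))
```

For the posted descriptor this reports that the constraint on /Secured/* requires ADMIN while the only declared security-role is MANAGER, and that the constraint carries no transport-guarantee.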