Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.0
    • Fix Version/s: 3.0
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      Debian or OpenSUSE, Java SUN or OpenJDK, Glassfish 3.0.1, IceFaces 2.0.0
    • Assignee Priority:
      P1
    • Workaround Exists:
      Yes
    • Workaround Description:
      First workaround -- respond with the following XML markup when POST requests are received after the session has expired (see attached login page):

      <partial-response><error><error-name>class org.icefaces.application.SessionExpiredException</error-name><error-message>Session has expired</error-message></error></partial-response>

      Second workaround -- enable ICEpush in the application, the page/s will get notified about session expiry and render the popup message

      Description

      I now have created a smaller project that demonstrates the problem. The realm is based on a MySQL database and created like

      ==== create realm ==============
      sudo /opt/glassfishv3/glassfish/bin/asadmin create-auth-realm --classname com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm --property jaas-context=jdbcRealm:datasource-jndi=card:user-table=employees:user-name-column=userid:password-column=password:group-table=employees:group-name-column=role:digest-algorithm=MD5 userauth
      ========== end =============

      ===== web.xml ================
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
        <context-param>
          <param-name>javax.faces.PROJECT_STAGE</param-name>
          <param-value>Development</param-value>
        </context-param>
        <context-param>
          <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
          <param-value>true</param-value>
        </context-param>
        <context-param>
          <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
          <param-value>server</param-value>
        </context-param>
        <context-param>
          <param-name>com.icesoft.faces.uploadDirectory</param-name>
          <param-value>upload</param-value>
        </context-param>
        <context-param>
          <param-name>org.icefaces.strictSessionTimeout</param-name>
          <param-value>true</param-value>
        </context-param>
        <servlet>
          <servlet-name>Faces Servlet</servlet-name>
          <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet>
          <servlet-name>Resource Servlet</servlet-name>
          <servlet-class>com.icesoft.faces.webapp.CompatResourceServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>*.jsf</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>/icefaces/*</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
          <servlet-name>Resource Servlet</servlet-name>
          <url-pattern>/xmlhttp/*</url-pattern>
        </servlet-mapping>
        <session-config>
          <session-timeout>3</session-timeout>
        </session-config>
        <welcome-file-list>
          <welcome-file>Secured/client.jsf</welcome-file>
        </welcome-file-list>
        <security-constraint>
          <display-name>Constraint1</display-name>
          <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <description/>
            <url-pattern>/Secured/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <description/>
            <role-name>ADMIN</role-name>
          </auth-constraint>
        </security-constraint>
        <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>userauth</realm-name>
          <form-login-config>
            <form-login-page>/Open/login.jsp</form-login-page>
            <form-error-page>/Open/loginfailed.jsp</form-error-page>
          </form-login-config>
        </login-config>
        <security-role>
          <description>Manages the employees</description>
          <role-name>MANAGER</role-name>
        </security-role>
      </web-app>
      ========== End =============

      ===== sun-web.xml ============
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
      <sun-web-app error-url="">
        <context-root>/SessionTimeOut</context-root>
        <class-loader delegate="true"/>
        <jsp-config>
          <property name="keepgenerated" value="true">
            <description>Keep a copy of the generated servlet class' java code.</description>
          </property>
        </jsp-config>
        <security-role-mapping>
          <role-name>ADMIN</role-name>
          <group-name>ADMIN</group-name>
        </security-role-mapping>
      </sun-web-app>
      ======== End ===============

      Now in the Open dir I have 2 files
      login.jsp and loginfailed.jsp.

      In the Secured dir I have created a client.xhtml that uses a template.xhtml.

      ======= client.xhtml =============
      <?xml version='1.0' encoding='UTF-8' ?>
      <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <ui:composition xmlns:ui="http://java.sun.com/jsf/facelets"
                      xmlns:icecore="http://www.icefaces.org/icefaces/core"
                      xmlns:ice="http://www.icesoft.com/icefaces/component"
                      xmlns:ace="http://www.icefaces.org/icefaces/components"
                      template="./newICEfacesTemplate.xhtml">

        <ui:define name="top">
          top
        </ui:define>

        <ui:define name="left">
          left
        </ui:define>

        <ui:define name="content">
          <ice:form id="panelform">
            <ice:panelTabSet height="330px">
              <ice:panelTab label="First Tab">
                <ice:outputText value="First content"/>
              </ice:panelTab>
              <ice:panelTab label="Second Tab">
                <ice:outputText value="Second content"/>
              </ice:panelTab>
            </ice:panelTabSet>
          </ice:form>
        </ui:define>

        <ui:define name="bottom">
          bottom
        </ui:define>

      </ui:composition>
      ============== End =============

      As you can see in the above web.xml, the directory Secured is protected. When I request client.jsp in the browser I am correctly redirected to the login page. After a successful authorization I get the client.jsp page correctly. I have currently set the session timeout to only 3 minutes. I have also set the strictSessionTimeout to true. I have no redirect page in case of a session timeout. The problem is shown already without that.

      ======= Symptom ==========
      After 3 minutes of inactivity you can no longer click on the tabs => the GUI becomes totally unresponsive.
      =======================

      It is worth mentioning that without the realm I correctly get a popup indicating that the session has expired.

      If you want I can share the war file or the source

      Cheers,

      // Jonas
      1. login.jsp
        1.0 kB
        Mircea Toma
      2. SessionTimeOut.tgz
        15 kB
        Jonas Arndt

        Activity

        Jonas Arndt added a comment -

        This is a dump of the NetBeans project. Note that you'll still need to create the database tables and the MySQL realm

        Jonas Arndt added a comment -

        This is a blocker for any type of deployment with a REALM as the user experience is that the IceFaces application just freezes up. I'd say this is a pretty important thing to fix.

        Jonas Arndt added a comment - - edited

        Can somebody please get back to me on this issue? At least to let me know if there are plans to address this or not. We can't move forward if this is not solved. We have started to look at alternatives, such as PrimeFaces and others, but the whole project is done in IceFaces and ready to go. Please get back to me on this.

        Bernard Banitz added a comment -

        I have the same problem in my project.
        The page freezes after session timeout.
        A reload corrects the problem.
        The application also works with MySQL.
        No exception happens.
        It's very important.

        Ahmad added a comment -

        I had the same problem. I was able to work around it using Icefaces + Spring Security
        http://wiki.icefaces.org/display/ICE/Spring+Security

        Mircea Toma added a comment -

        Added test for session expiry in form based authenticated applications. Included workaround login page.

        Mircea Toma added a comment -

        The application becomes frozen after the session has expired because any subsequent request will have as the response the login page, including AJAX postbacks. Since the login page is not a partial update nothing gets changed in the page.

        Mircea Toma added a comment -

        The added test case includes a workaround that changes the JSP login page to respond with the HTML form entry markup on HTTP GET requests and with an error XML response in case of a POST request. This way, when the session has expired and the user interacts with the page (not loading it), the XML error response will be interpreted by the ICEfaces bridge and render the session expired popup.

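One way to write the workaround login page described in the comment above, as an added example (this is not the login.jsp attached to the issue, whose contents are not shown on this page). It assumes the container forwards unauthenticated requests to the `form-login-page` with the original HTTP method preserved, and it uses the standard Servlet form-login names `j_security_check`, `j_username` and `j_password`.

```jsp
<%-- Added example for /Open/login.jsp (the form-login-page in web.xml above).
     session="false" keeps this page from creating a session of its own for
     every expired postback; trimDirectiveWhitespaces keeps stray whitespace
     from being written ahead of the XML declaration. --%>
<%@ page session="false" trimDirectiveWhitespaces="true" %>
<%
    // Assumption: a POST that lands here is an ICEfaces AJAX postback whose
    // session has expired. The real login submit goes to j_security_check,
    // which the container handles itself and never forwards to this page.
    if ("POST".equalsIgnoreCase(request.getMethod())) {
        response.setContentType("text/xml;charset=UTF-8");
        response.setHeader("Cache-Control", "no-cache, no-store");
%><?xml version="1.0" encoding="UTF-8"?>
<partial-response><error><error-name>class org.icefaces.application.SessionExpiredException</error-name><error-message>Session has expired</error-message></error></partial-response>
<%
        return; // nothing else may follow the XML document
    }
    // Any other method (normally GET): a full page load, so show the form.
    response.setContentType("text/html;charset=UTF-8");
    response.setHeader("Cache-Control", "no-cache, no-store");
%>
<!DOCTYPE html>
<html>
<head><title>Login</title></head>
<body>
  <form method="post" action="j_security_check">
    <label>User <input type="text" name="j_username" autocomplete="username"/></label>
    <label>Password <input type="password" name="j_password" autocomplete="current-password"/></label>
    <input type="submit" value="Log in"/>
  </form>
</body>
</html>
```

The POST branch returns only the fixed error document from the workaround description and echoes no request data, so it adds no reflected content to the unauthenticated login page.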
        Mircea Toma added a comment - - edited

        Using a JSF login page is not possible because the requests made by the page for the JS resources will also receive the login page markup instead. Any other JSF mechanism will not work since the request does not reach the FacesServlet until the authentication is successful.

        Mircea Toma added a comment -

        Attached the login page that can be used to send the XML error message on postbacks after session is expired.

        Mircea Toma added a comment -

        Marking this issue as "won't fix" since a JSF/ICEfaces solution is not feasible.

        Jean-brice Rougeot added a comment -

        Hi everybody,

        I have (and I'm not the only one) exactly the same issue clicking on panelTab when the session is lost -->the GUI becomes unresponsive.
        [window] Error [status: emptyResponse code: 200]: An empty response was received from the server. Check server error logs.
        exception ? console.er...ror(formatOutput(category, message));

        However, clicking on an ice:commandLink or commandButton component when the session is lost works well!!!! The JsfRedirectStrategy class from spring-security 3 is able to detect this and redirect to my login page.
        Hence, it is only when I click on a panelTab component that my application becomes unresponsive.

        Could anybody explain in detail the workaround by ice push?
        thanks


          People

          • Assignee:
            Mircea Toma
            Reporter:
            Jonas Arndt
          • Votes:
            1
            Watchers:
            4