Skip to content

Instantly share code, notes, and snippets.

@priyankahdp

priyankahdp/MySessionListener.java

Created June 17, 2014 08:36
Show Gist options
  • Save priyankahdp/be578a92f55d29702928 to your computer and use it in GitHub Desktop.
Save priyankahdp/be578a92f55d29702928 to your computer and use it in GitHub Desktop.
Download ZIP
JSF Page Redirect Issue
Raw
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:flex="http://www.springframework.org/schema/flex" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/flex
http://www.springframework.org/schema/flex/spring-flex-1.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<import resource="databaseContext.xml" />
<import resource="client-beans.xml" />
<security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />
<security:http auto-config="true" use-expressions="true">
<security:anonymous enabled="false" />
<security:intercept-url pattern="/cms-web-flex/*.swf*" filters="none" />
<security:intercept-url pattern="/cms-web-flex/home.html*" access="ROLE_USER" />
<security:intercept-url pattern="/jsf/*" access="isAuthenticated()" />
<security:intercept-url pattern="/login.jsp" filters="none" />
<security:form-login default-target-url="/jsf/home.jsf" login-page="/login.jsp" always-use-default-target="true" />
<security:logout invalidate-session="true" logout-url="/logout.html" logout-success-url="/login.jsp" />
</security:http>
<bean id="preAuthenticatedEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
<property name="passwordEncryptor" ref="passwordEncriptor"></property>
</bean>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsServiceClient">
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<bean id="passwordEncriptor" class="org.jasypt.util.password.BasicPasswordEncryptor"/>
<context:annotation-config />
<context:component-scan base-package="**.******.***.***.service" />
</beans>
Raw
MySessionListener.java
package **.******.***.***.util;
import java.util.Date;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class MySessionListener implements HttpSessionListener {
public MySessionListener() {}
public void sessionCreated(HttpSessionEvent event) {
System.out.println("Current Session created : "+ event.getSession().getId() + " at " + new Date());
}
public void sessionDestroyed(HttpSessionEvent event) {
// get the destroying session...
HttpSession session = event.getSession();
System.out.println("Current Session destroyed :" + session.getId()+ " Logging out user...");
// Only if needed
try {
prepareLogoutInfoAndLogoutActiveUser(session);
} catch (Exception e) {
System.out.println("Error while logging out at session destroyed : "+ e.getMessage());
}
}
public void prepareLogoutInfoAndLogoutActiveUser(HttpSession httpSession) {}
}
Raw
SessionTimeoutFilter.java
package **.******.***.***.util;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class SessionTimeoutFilter implements Filter {
private final Log logger = LogFactory.getLog(SessionTimeoutFilter.class);
private String timeoutPage = "login.jsf";
public void init(FilterConfig filterConfig) throws ServletException {}
public void doFilter(ServletRequest request, ServletResponse response,FilterChain filterChain) throws IOException, ServletException {
if ((request instanceof HttpServletRequest)&& (response instanceof HttpServletResponse)) {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
// is session expire control required for this request?
if (isSessionControlRequiredForThisResource(httpServletRequest)) {
// is session invalid?
if (isSessionInvalid(httpServletRequest)) {
String timeoutUrl = httpServletRequest.getContextPath()+ "/" + getTimeoutPage();
logger.info("session is invalid! redirecting to timeoutpage : "+ timeoutUrl);
httpServletResponse.sendRedirect(timeoutUrl);
return;
}
}
}
filterChain.doFilter(request, response);
}
private boolean isSessionControlRequiredForThisResource(HttpServletRequest httpServletRequest) {
String requestPath = httpServletRequest.getRequestURI();
boolean controlRequired = !StringUtils.contains(requestPath,getTimeoutPage());
return controlRequired;
}
private boolean isSessionInvalid(HttpServletRequest httpServletRequest) {
boolean sessionInValid = (httpServletRequest.getRequestedSessionId() != null)&& !httpServletRequest.isRequestedSessionIdValid();
return sessionInValid;
}
public void destroy() {}
public String getTimeoutPage() {
return timeoutPage;
}
public void setTimeoutPage(String timeoutPage) {
this.timeoutPage = timeoutPage;
}
}
Raw
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<listener>
<listener-class>**.******.***.***.util.MySessionListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>SessionTimeoutFilter</filter-name>
<filter-class>**.******.***.***.util.SessionTimeoutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SessionTimeoutFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<mime-mapping>
<extension>jsp</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<context-param>
<param-name>javax.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>flex.messaging.HttpFlexSession</listener-class>
</listener>
<servlet>
<servlet-name>cms-web</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>cms-web</servlet-name>
<url-pattern>/messagebroker/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<context-param>
<description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>resources.application</param-value>
</context-param>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>login.jsf</welcome-file>
</welcome-file-list>
</web-app>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment