JSF 2、Spring Security 3.x 和 Richfaces 4 在 ajax 请求的会话超时时重定向到登录页面 [英] JSF 2, Spring Security 3.x and Richfaces 4 redirect to login page on session time out for ajax requests
问题描述
这似乎是一个非常普遍的问题.但我找不到任何可行的解决方案.我们使用的是 Richafaces 4、Myfaces 2.0.5 和 Spring security 3.0.X.
It seems a very common problem. But I couldn't find any working solution. We are using Richafaces 4, Myfaces 2.0.5 and Spring security 3.0.X.
在 ajax/非 ajax 请求的会话时间,用户应该被重定向到登录页面.在重新登录后,他应该显示之前执行的 ajax/非 ajax 操作.
On session time for ajax/non ajax requests, the user should be redirected to log in page.after logging back he should be shown the previously performed ajax/non ajax operation.
我们没有遇到非 ajax 请求的任何问题.但是对于ajax请求,用户不会被重定向到登录页面.
We are not facing any issue with non ajax requests. But for ajax requests, the user is not redirected to log in page.
我已经点击了这个链接 https://community.jboss.org/message/729913#729913 并实现了 servlet 方法.该解决方案适用于 Firefox,而不适用于 IE 8.
I have followed this link https://community.jboss.org/message/729913#729913 and implemented servlet approach. the solution worked in Firefox, not in IE 8.
即使在会话超时时正确重定向到登录页面,也可能存在另一个问题.我期待在成功登录之前调用的 ajax 请求时出现 ViewExpiredException.
There could be one more problem even if it is properly redirected to log in page on session time out. I am expecting a ViewExpiredException on successful login for the previously invoked ajax request.
我想带来 ViewExpiredException,因为这两个问题可能相互关联.
I wanted to bring the ViewExpiredException, since both these problems could be related each other.
任何解决方案/线索将不胜感激.
Any solutions/leads will be appreciated.
推荐答案
由于您使用 Spring Security 3.0.x,您可以使用自定义 sessionManagementFilter,如这里
Since you use Spring Security 3.0.x, you can use custom sessionManagementFilter as described here
com.icesoft.spring.security.JsfRedirectStrategy 类在这里可用
The class com.icesoft.spring.security.JsfRedirectStrategy is available here
如果您使用的是 Spring Security 3.1.x,请进行这些更改
If you are using Spring Security 3.1.x make these changes
<beans:bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
<beans:constructor-arg name="securityContextRepository" ref="httpSessionSecurityContextRepository" />
<!-- this permits redirection to session timeout page from javascript/ajax or http -->
<beans:property name="invalidSessionStrategy" ref="jsfRedirectStrategy" />
</beans:bean>
<beans:bean id="jsfRedirectStrategy" class="com.icesoft.spring.security.JsfRedirectStrategy">
<beans:constructor-arg name="invalidSessionUrl" value="/general/logins/sessionExpired.jsf" />
</beans:bean>
<beans:bean id="httpSessionSecurityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>
对 JSFRedirectStrategy 类的唯一更改是前几行:
The only change to the JSFRedirectStrategy class are the first few lines:
public class JsfRedirectStrategy implements InvalidSessionStrategy {
protected final Log logger = LogFactory.getLog(getClass());
private String invalidSessionUrl;
private boolean contextRelative;
public JsfRedirectStrategy(String invalidSessionUrl){
this.invalidSessionUrl=invalidSessionUrl;
}
@Override
public void onInvalidSessionDetected(HttpServletRequest request,
HttpServletResponse response) throws IOException, ServletException {
String redirectUrl = calculateRedirectUrl(request.getContextPath(), invalidSessionUrl);
这也适用于 IE8.如果你有兴趣可以看看这个博客 也是,但我从未尝试过,因为上面的方法要容易得多.
This works with IE8 also. If you are interested you can look at this blog also, but I never tried this as the above was much easier.
仅供参考:如果你不做 Spring,有很多方法可以做到这一点:Primefaces 在他们的网站上这样做.链接或者更简单的导入 Omnifaces jar link
FYI: If you do not do Spring there are many ways to do this: Primefaces does this on their site. link Or even simpler by importing Omnifaces jar link
这篇关于JSF 2、Spring Security 3.x 和 Richfaces 4 在 ajax 请求的会话超时时重定向到登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
