org.icefaces.application.SessionExpiredException: Session has expired

**sword101** · Oct 12th, 2011, 10:39 AM

i am getting the above exception when trying to login in icefaces with spring security, and i don't have any session configuration in my web.xml
i am getting the exception when clicking on login button in the jsf page
i am using JSF 2,ICEfaces 2,Spring Security 3

org.icefaces.application.SessionExpiredException: Session has expired

please guide me if there's something wrong with my code, or i am missing something or what ?
thanks in advance.

1-web.xml:

Code:

<?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
      <display-name>myapp</display-name>
      
      <listener>
        <listener-class>
    		org.springframework.web.context.ContextLoaderListener
    	</listener-class>
      </listener>
      
      <listener>
        <listener-class>
    		org.springframework.web.context.request.RequestContextListener
    	</listener-class>
      </listener>
      
      <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
            classpath:META-INF/spring/applicationContext.xml
            classpath:META-INF/spring/applicationSecurity.xml
            </param-value>
            
      </context-param>
      
      <!-- Activating the Expression Language -->
        <context-param>
            <param-name>com.sun.faces.expressionFactory</param-name>
            <param-value>com.sun.el.ExpressionFactoryImpl</param-value>
        </context-param>
      
      <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
      </context-param>
      
      <welcome-file-list>
        <welcome-file>faces/users.xhtml</welcome-file>
      </welcome-file-list>
      
      <context-param>
        <description>State saving method: 'client' or 'server' (=default). See JSF Specification 2.5.2</description>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
      </context-param>
      
      <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
        <param-value>resources.application</param-value>
      </context-param>
      
      <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
      </listener>
      
      <context-param>
        <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
      </context-param>
    
      
      <servlet>
        <servlet-name>Resource Servlet</servlet-name>
        <servlet-class>com.icesoft.faces.webapp.CompatResourceServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      
      <servlet-mapping>
        <servlet-name>Resource Servlet</servlet-name>
        <url-pattern>/xmlhttp/*</url-pattern>
      </servlet-mapping>
    
      <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      
      <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
        <url-pattern>/icefaces/*</url-pattern>
      </servlet-mapping>
      
      <!-- Spring Security -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>
                org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
      
    </web-app>

2- applicationSecurity.xml:

Code:

<beans:beans xmlns="http://www.springframework.org/schema/security"  
    	xmlns:beans="http://www.springframework.org/schema/beans" 
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schem...-beans-3.1.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-3.0.4.xsd">
    
        
        
    	    <global-method-security pre-post-annotations="enabled" />  	
    	    <http use-expressions="true" >
    	  
    	    <session-management session-fixation-protection="migrateSession"/>
            <remember-me  token-validity-seconds="1209600"/>
            
            <!-- All pages requires authentication (not anonymous user) -->
            <intercept-url pattern="/faces/**" access="isAuthenticated()" />
            
            <!-- Exclude the login page from the security check -->
            <intercept-url pattern="/faces/login.xhtml" filters="none"/>
              
    
    		<intercept-url pattern="/images/**" filters="none" />
    		<intercept-url pattern="/scripts/**" filters="none" />
    		<intercept-url pattern="/css/**" filters="none" />	
    		
    		<!-- Returns true if the user is not anonymous -->
    		
    				  
    		<access-denied-handler error-page="/error"/>
    			    
    	    <form-login default-target-url="/users"	 
    	    always-use-default-target="true"   			
    			login-processing-url="/j_spring_security_check"			
    			login-page="/faces/login.xhtml"
    			authentication-failure-url="/login?login_error=1"																
    		/>
    					
    		<logout logout-url="/logout" logout-success-url="/login" />		
    	</http>
    
    
    	<authentication-manager alias="authenticationManager">		 	
    	<authentication-provider user-service-ref="userDetailsServiceImpl">
    
    						 
                         
    		</authentication-provider>
    	</authentication-manager>
    	
    	
    	</beans:beans>

**sword101** · Oct 12th, 2011, 10:40 AM

3- login.xhtml:

Code:

<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
                          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml"
    	xmlns:h="http://java.sun.com/jsf/html"
    	xmlns:f="http://java.sun.com/jsf/core"
    	xmlns:ice="http://www.icesoft.com/icefaces/component"
    	xmlns:ace="http://www.icefaces.org/icefaces/components">
    	    
            
                <h:head>
                    <ice:outputStyle href="./resources/stylesheet.css" id="outputStyle1"/>
                    <ice:outputStyle href="./xmlhttp/css/xp/xp.css" id="outputStyle2"/>
                </h:head>
                <h:body bgcolor="#677070" id="outputBody1" style="-rave-layout: grid">
                    
                        <ice:panelLayout id="panelLayout2" style="border-width: 1px; background-color:#d9dbdb ; height: 100%; left: 0px; top: 0px; position: absolute; width: 40%"/>
                        <ice:panelLayout id="panelLayout3" style="border-width: 3px; border-style: solid; border-color: rgb(51, 0, 0) rgb(51, 0, 0) rgb(51, 0, 0) rgb(51, 0, 0); background-color: rgb(255, 255, 255); height: 330px; left: 408px; top: 144px; position: absolute; width: 570px; -rave-layout: grid">
                           <h:form>
                            <ice:graphicImage id="graphicImage1" style="height: 322px; left: 0px; top: 0px; position: absolute" url="/resources/images/LoginImage.jpg" width="560"/>
                            <ice:outputLabel for="j_username" id="outputLabel1" style="left: 48px; top: 120px; position: absolute" value="Username:"/>
                            <ice:outputLabel for="j_password" id="outputLabel2" style="left: 48px; top: 168px; position: absolute" value="Password:"/>
                            <ice:inputText binding="#{login.username}" id="j_username" required="true"
                                style="left: 142px; top: 118px; position: absolute; width: 237px" />
                            <ice:inputSecret binding="#{login.password}" id="j_password" required="true" style="left: 142px; top: 166px; position: absolute; width: 237px"/>
                            <ice:commandButton  actionListener="#{login.login}" id="loginBtn" style="left: 144px; top: 240px; position: absolute" value="Login"/>
                            <ice:commandButton action="#{login.reset}" id="resetBtn" style="position: absolute; left: 360px; top: 240px" value="Reset"/>
                            <ice:outputText id="errorMessage" style="left:0px;top:300px;position:absolute"/>
                            <ice:message errorClass="errorMessage"  for="j_username" fatalClass="fatalMessage" id="messages1" infoClass="infoMessage" showSummary="false"
                                style="height: 43px; left: 24px; top: 288px; position: absolute; width: 523px;color:red;" warnClass="warnMessage"/>
                       </h:form>
                        </ice:panelLayout>
                    
                </h:body>
            
    </html>

4- LoginBean:

Code:

package com.spring.sample.beans;
    
    import javax.faces.application.FacesMessage;
    import javax.faces.context.FacesContext;
    import javax.faces.event.ActionEvent;
    
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;
    import org.springframework.context.annotation.Scope;
    import org.springframework.security.web.authentication.AbstractProcessingFilter;
    import org.springframework.stereotype.Component;
    
    @SuppressWarnings("deprecation")
    @Component("login")
    @Scope("request")
    public class LoginBean {
    
    	Log log = LogFactory.getLog(getClass());
    
    	private String username;
    
    	private String password;
    
    	/**
    	 * default empty constructor
    	 */
    	public LoginBean() {
    
    		Exception ex = (Exception) FacesContext
    				.getCurrentInstance()
    				.getExternalContext()
    				.getSessionMap()
    				.get(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
    
    		if (ex != null)
    			FacesContext.getCurrentInstance().addMessage(
    					null,
    					new FacesMessage(FacesMessage.SEVERITY_ERROR, ex
    							.getMessage(), ex.getMessage()));
    
    	}
    
    	public void setUsername(String username) {
    		this.username = username;
    	}
    
    	public String getUsername() {
    		return username;
    	}
    
    	public String getPassword() {
    		return password;
    	}
    
    	public void setPassword(String password) {
    		this.password = password;
    	}
    
    	public void login(ActionEvent e) throws Exception {
    		log.debug("Login Button Action");
    		FacesContext
    				.getCurrentInstance()
    				.getExternalContext()
    				.redirect(
    						"/myapp/j_spring_security_check?j_username="
    								+ username + "&j_password=" + password);
    	}
    
    	public String reset() throws Exception {
    		setUsername("");
    		setPassword("");
    		return "";
    	}
    
    }

**sword101** · Oct 13th, 2011, 04:31 AM

any ideas guys ?

**Rob Winch** · Oct 13th, 2011, 07:39 AM

What does the full stack trace look like?

Thread: org.icefaces.application.SessionExpiredException: Session has expired

Thread Tools

Display

org.icefaces.application.SessionExpiredException: Session has expired

Posting Permissions