java – identity. Viewexpiredexception after logout(); In JBoss seam

Java

After my authenticationfilter redirects to the login page, I want to exit to the user

That's why I put identity logout(); In my pre render method login In checkpermission (...) of XHTML

However, when the user logs in again, I get viewexpiredexception

My question is

1: If I don't execute identity logout();, Because the old user session still exists, the user logs in again 2: If I execute identity logout();, I will receive viewexpiredexception

AuthenticationFilter. java

public class AuthenticationFilter implements Filter  {
    .....

    public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain filterChain) throws IOException,ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpRequest.getSession();
        User user = (User) session.getAttribute(Constants.LOGIN_USER);
        if (user == null) {
            session.setAttribute(Constants.MESSAGE_ID,MessageId.required_TO_LOGIN);
            String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE;
            httpResponse.sendRedirect(loginView);
        } else if (!user.getRole().equals(Role.SYstem_ADMINISTRATOR)) {
            System.out.println("User Role : " + user.getRole());
            session.setAttribute(Constants.MESSAGE_ID,MessageId.required_TO_ADMIN_ROLE);
            String loginView = httpRequest.getContextPath() + Constants.LOGIN_PAGE;
            httpResponse.sendRedirect(loginView);
        } else {
            filterChain.doFilter(servletRequest,servletResponse);
        }
        servletContext.log("Exiting the filter");
    }

    public void destroy() {
    }
}

login. xhtml

....
<f:event listener="#{LoginBean.checkPermission}" type="preRenderView" />
....

LoginBean. java

@Scope(ScopeType.EVENT)
@Name("LoginBean")
public class LoginBean extends BaseBean {
    ....

    public boolean authenticate() {
        ....
    }

    public void checkPermission(ComponentSystemEvent event) {
        FacesContext context = getFacesContext();
        ExternalContext  extContext = context.getExternalContext();
        String messageId = (String) extContext.getSessionMap().remove(Constants.MESSAGE_ID);
        if(messageId != null) {
            identity.logout();
            addMessage(null,FacesMessage.SEVERITY_ERROR,messageId);   
        }
    }
}

Solution

Do not use identity logout(); In the prerenderview method In authenticationfilter, if you want to lock the current session and create a new session, do the following before passing the messageid

if(...) {
    session.invalidate();
    session = httpRequest.getSession(true); 
    ....
} else if(...){
    session.invalidate();
    session = httpRequest.getSession(true); 
    ....
}
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>