会话的部分响应已过期
[英]partial-response on session expire
问题描述
We have a JSF 2.0, Primefaces 5.0, Spring Security 3.2.3.RELEASE application. 
我们有一个JSF 2.0,Primefaces 5.0,Spring Security 3.2.3.RELEASE应用程序。
To handle session timeout, I am using primefaces idleMonitor and p:dialog & javascript to display a countdown popup and redirect them back to login page. 为了处理会话超时,我正在使用primefaces idleMonitor和p:dialog&javascript显示倒计时弹出窗口,并将其重定向回登录页面。
I have also implemented a custom CacheControlPhaseListener so that the pages are not cached. 我还实现了一个自定义CacheControlPhaseListener,以便不缓存页面。 I set the no-cache in the response headers in the CacheControlPhaseListener. 我在CacheControlPhaseListener的响应标头中设置了非缓存。
<lifecycle><phase-listener id="nocache">com..filter.CacheControlPhaseListener</phase-listener></lifecycle>
I also have error handling configured in my web.xml: 我还在web.xml中配置了错误处理:
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/error.jsf</location></error-page>
I have also implemented a ViewExpiredHandler that extends ViewHandlerWrapper 我还实现了扩展ViewHandlerWrapper的ViewExpiredHandler
@Override
public UIViewRoot restoreView(FacesContext ctx, String viewId)
{
UIViewRoot viewRoot = super.restoreView(ctx, viewId);
try
{
if (viewRoot == null)
{
viewRoot = super.createView(ctx, viewId);
ctx.setViewRoot(viewRoot);
}
}
catch (Exception e)
{
e.printStackTrace();
}
return viewRoot;
}
The problem I am still having is: 我仍然遇到的问题是:
1. When the session expires on a idle page (Eg Search page) and if some ajax action is triggered on a page, even though I logout, when I navigate back to the page (eg Login-> Home-> Search page). 1.当会话在空闲页面(例如“搜索”页面)上到期并且即使在页面上触发了一些ajax操作时,即使我注销了,当我导航回到该页面时(例如,“登录”->“首页”->“搜索”页面)。 I see a partial-response xml error: 我看到了部分响应xml错误:
<partial-response><changes><update id="blGridId"><table id="blGridId" style="width:100%;"> <tbody> <tr> <td><div id="blTableId" class="ui-datatable ui-widget ui-datatable-scrollable ui-datatable-resizable"><div id="sublTableId_paginator_top" class="ui-paginator ui-paginator-top ui-widget-header ui-corner-top" role="navigation"><span class="ui-paginator-prev ui-state-default ui-corner-all ui-state-disabled"><span class="ui-icon ui-icon-seek-prev">p</span></span><span class="ui-paginator-next ui-state-default ui-corner-all ui-state-disabled"><span class="ui-icon ui-icon-seek-next">p</span></span></div><div class="ui-widget-header ui-datatable-scrollable-header"><div class="ui-datatable-scrollable-header-box"><table role="grid"><thead id="blTableId_head"><tr role="row"><th id="blTableId:j_idt101" class="ui-state-default ui-resizable-column" role="columnheader" style="width:34px; #width:37px;"><span class="ui-column-title"><span style="word-wrap: break-word;white-space: normal;">Client </span></span></th><th id="blTableId:j_idt104" class="ui-state-default
2. If I hit a browser refresh, it loads back the page and I can continue with the actions. 2.如果单击浏览器刷新,它将重新加载页面,然后我可以继续执行操作。
Please let me know what I need to do in addition to the above to resolve the partial-response error. 除了上述内容之外,请让我知道我还需要做什么来解决部分响应错误。 Do I need to add a servlet filter to invalidate the session? 我是否需要添加Servlet过滤器以使会话无效?
I would really appreciate any help and feedback on this as it is high priority. 我非常感谢对此给予任何帮助和反馈,因为它是当务之急。
1 个解决方案
解决方案1
0 2017-05-30 02:02:29
I had got the same issue when session had been expired. 会话过期后,我遇到了同样的问题。 I thought it was too late, but maybe would be helpful for others who has issues like me. 我认为为时已晚,但是对于像我这样的问题的其他人可能会有所帮助。
The root cause is Spring Security saves the last request before redirecting client to do the authentication. 根本原因是Spring Security在重定向客户端以进行身份验证之前保存了最后一个请求。 After then, Spring security would try to perform the request again when user visits the page of last request. 之后,当用户访问上一个请求的页面时,Spring Security将尝试再次执行该请求。 Unfortunately, the request was ajax/partial and its view was expired -> partial xml content was returned. 不幸的是,该请求是ajax / partial并且其视图已过期->返回了xml部分内容。
Easy way to get rid of this issue is removing the saving behavior of Spring Security. 摆脱这个问题的简便方法是删除Spring Security的保存行为。 SavedRequestAwareAuthenticationSuccessHandler class is used to handle these kind of behaviours. SavedRequestAwareAuthenticationSuccessHandler类用于处理此类行为。 Configure as: 配置为:
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
p:authenticationManager-ref="authenticationManager"
p:authenticationFailureHandler-ref="authenticationFailureHandler"
p:authenticationSuccessHandler-ref="authenticationSuccessHandler"
p:usernameParameter="username"
p:passwordParameter="password">
</bean>
...
<bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"
p:defaultTargetUrl="/"
p:alwaysUseDefaultTargetUrl="true"/>
Hope it would help. 希望这会有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.