Session time out

**Asterius** · 30/03/2010, 15h41

Bonjour,

Je me permet de reposter ici un message resté sans réponse dans le forum JSF... J'espère que quelqu'un saura m'aider?

J'ai un soucis un peu bizarre avec le time-out dans mon application :
Quand une session se termine, et que l'utilisateur clique sur un lien, il est redirigé correctement sur la page de login. Par contre, une fois qu'il veut se reconnecter, paf, on obtient le crash suivant :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
javax.servlet.ServletException
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:256)
     org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
     org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
     org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
     org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
     org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
     org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
cause mère 
java.lang.NullPointerException
     com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:191)
    com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:266)
     com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:132)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
     org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
     org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
     org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
     org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
     org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
     org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
     org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
     org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

Je ne comprend pas à quoi c'est du, ni comment corriger ce soucis. Peut-être est-ce quelque chose que j'aurais mal configuré dans spring security? Voici ma config à tout hasard :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
 
    <http  entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern="/css/**" filters="none" />
        <intercept-url pattern="/img/**" filters="none" />
        <intercept-url pattern="/upload/**" filters="none" />
        <intercept-url pattern="/js/**" filters="none" />
        <intercept-url pattern="/a4j/**" filters="none" />
        <intercept-url pattern="/log*" filters="none" /> <!--  Login / logout -->
        <intercept-url pattern="/j_spring*"  access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/pages/admin/**"  access="ROLE_DEVELOPER,ROLE_ADMINISTRATOR" />
        <intercept-url pattern="/pages/site/**"  access="ROLE_DEVELOPER,ROLE_ADMINISTRATOR" />
        <intercept-url pattern="/pages/**"  access="ROLE_DEVELOPER,ROLE_ADMINISTRATOR,ROLE_MANAGER" />
        <intercept-url pattern="/**" access="ROLE_DEVELOPER" />
        <anonymous />
        <http-basic />
    </http>
 
    <!-- Authentication : user our own UserDetailsService  implementation -->
 
    <authentication-manager alias="authenticationManager" />  <!-- Allow other beans to point to authentication manager -->
 
    <authentication-provider  user-service-ref="userDetailsService">
        <password-encoder hash="sha">
            <salt-source user-property="salt"/>
        </password-encoder>
    </authentication-provider>
 
    <beans:bean id="userDetailsService"  class="mypackage.security.UserDetailsServiceImpl" autowire="byName"/>
 
    <beans:bean id="passwordEncoder"  class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>
 
    <beans:bean id="authenticationProcessingFilterEntryPoint"  class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">  
        <beans:property name="loginFormUrl" value="/login.html" />  
        <beans:property name="forceHttps" value="false" /> 
    </beans:bean> 
 
    <!-- Custom authentication filter to allow doing some other  business logic when a user logs in (via login form) -->  
 
    <beans:bean id="authenticationFilter"  class="mypackage.security.CustomAuthenticationProcessingFilter"  autowire="byName">  
        <custom-filter  position="AUTHENTICATION_PROCESSING_FILTER"/><!-- Override the  default one -->
        <beans:property name="authenticationManager"  ref="authenticationManager" /> 
        <beans:property name="authenticationFailureUrl"  value="/login.html?login_error=1" /> 
        <beans:property name="defaultTargetUrl"  value="/pages/home.html" />
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"  /> 
        <beans:property name="filterProcessesUrl"  value="/j_spring_security_check" /> 
        <beans:property  name="continueChainBeforeSuccessfulAuthentication" value="false" /> 
        <beans:property name="rememberMeServices"  ref="rememberMeServices" /> 
    </beans:bean>
 
    <!-- Custom RememberMeProcessing filter to allow doing other  business logic when a user logs in (via cookie)-->      
 
    <beans:bean id="rememberMeProcessingFilter"  class="mypackage.security.CustomRememberMeProcessingFilter"  autowire="byName"> 
      <custom-filter position="REMEMBER_ME_FILTER" /> <!--  Override the default one -->
      <beans:property name="rememberMeServices"  ref="rememberMeServices"/> 
      <beans:property name="authenticationManager"  ref="authenticationManager" /> 
    </beans:bean>  
 
    <beans:bean id="rememberMeServices"  class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">  
        <beans:property name="userDetailsService"  ref="userDetailsService" /> 
        <beans:property name="key" value="springRocks" /> 
    </beans:bean>
 
    <beans:bean id="rememberMeAuthenticationProvider"  class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">  
      <!-- This ensures that remember-me is added as an  authentication provider --> 
      <custom-authentication-provider /> 
      <beans:property name="key" value="springRocks"/> 
    </beans:bean> 
 
    <!-- Custom Logout filter to allow doing other business logic  when a user logs out -->    
 
    <beans:bean id="logoutFilter"  class="org.springframework.security.ui.logout.LogoutFilter"  autowire="byName"> 
        <custom-filter position="LOGOUT_FILTER" /> <!--  Override the default one -->
        <beans:constructor-arg value="/login.html" /> <!-- URL  redirected to after logout -->
        <beans:constructor-arg> 
            <beans:list> 
                <beans:ref bean="rememberMeServices" /> 
                <!-- I add a bean here to perform some custom tasks  when the user logs out --> 
                <beans:bean  class="mypackage.security.CustomSecurityLogoutHandler"/> 
            </beans:list> 
        </beans:constructor-arg> 
    </beans:bean>  
 
    <beans:bean id="loggerListener"  class="org.springframework.security.event.authentication.LoggerListener"  />  
 
</beans:beans>

Merci pour votre aide!

Session time out

Spring Java

Mode arborescent

Discussions similaires

Partager

Partager