Sunday, July 3, 2011

Oracle WebCenter 11g PS3/PS4 Workaround for User Session Timeout Error 404

Most of you who are developing/using WebCenter 11g PS3/PS4 apps, probably noticed one annoying behavior related to user session timeout - Error 404 Resource not Found. Starting from ADF 11g PS3, user session timeout is handled by ADF with a new session timeout warning functionality. By default, 2 minutes before session expiry, ADF informs user to resume activity, if no action was taken after 2 minutes another warning message will inform about session timeout. Once user comes back and press OK for session timeout warning - automatic redirect happens to landing login page, this behavior is controlled by ADF Security. Read more about session timeout warning functionality from Frank Nimphius blog - How-to enable user session time out warning (JDev 11.1.1.4).

While this works well with ADF, it doesn't want to work so well with WebCenter. Mainly because WebCenter navigation model prevents ADF Security to redirect successfully to login page. However, I have found workaround for WebCenter project as well, you are free to use it, until it will be fixed in future versions. Download sample WebCenter 11g PS4 application, where user session timeout is handled properly - EnterprisePortalApp_v4.zip. I will describe below, what type of workaround is applied for this sample application.

Described error is reproduced with any type of WebCenter 11g PS3/PS4 application.

In order to reproduce user session timeout error, enable session timeout period for 5 minutes time:


When user session will be about to expire, we receive initial warning message:


Finally, if user takes no action, user session expires:


Not in 100% of the cases, but in 95% - when user press OK, WebCenter application generated Error 404 - Not Found:


This happens because WebCenter navigation model prevents ADF Security to redirect to login page successfully. Instead it keeps pointing to previously selected menu item from WebCenter navigation model. Since session becomes expired now, authentication is lost and we don't have access to navigation model anymore - its why Error 404 - Not Found is generated.

We can workaround this by defining our own filter class WCSessionExpiryFilter and mapping it to Faces Servlet - this would allow to intercept all requests processed by application:


Filter class should be predefined with initialization parameter describing URL address to redirect after session timeout will happen. In my case it will be login page -  /faces/oracle/webcenter/portalapp/pages/login.jspx:


Main logic for this workaround is implemented inside our custom filter class, doFilter() method:


We are relying on ADF Security and trying to access User Principal object from request. User Principal can be Null, when user is not authenticated. Or in other words, either user is not yet logged in, or session was expired. We need to check request URI, in case if login page is accessed during request - we do nothing. But in case when User Principal is Null and request URI is not pointing to login page, we would force to redirect to login page and ignore unauthenticated navigation from WebCenter - its when user session expired:


Confirm Page Expired message by pressing OK button and now we are redirected nicely to login page, thanks to our custom filter class described above:


10 comments:

Bijesh Krishnadas said...

Brilliant work, Andrejus. This also helps solve a login/security related issue I was working through. http://bit.ly/kNYeRu

Andrej Baranovskij said...

Thanks, I'm happy it helps !

Andrejus

Unknown said...

Another great post!

Vijay Kumar Yenne said...

I was about to post this issue on the webcenter forum this morning and i bounced up on your blog which saved me lot of time. Thanks Adrejus for the learning shared today, its indeed helpful.

Andrew Rosson said...

Yeah great post.Thanks heaps. I faced a similar issue, with loads of 404 errors all happening with unauthenticated sessions and the navigation model.
We changed the java file a little.

if (!httpServletRequest.isRequestedSessionIdValid() && !httpServletRequest.getRequestURI().endsWith("home"))

This does not actually fix our odd page error, but at least it prevents a 404 page from being displayed, as it redirects errored sessions to the home page.

Andrej Baranovskij said...

Thanks for update:-)

Durgesh Sahu said...

Hi Andrejus,
Its again a really a nice post by you regarding the webcenter portal application. I always follow your blogs and it helped me lot.
This time i need to go through the session and cookie management in webcenter portal app.
Can you provide any information regarding this..!
Thanks

Pranab said...

Hi Andrejus,

I have a very strange issue in my portal. I am using WebCenter PS4, and used Portlet in the landing/home page. The portlet will only provide output if we give some input value and click the button. But I am getting one NullPointer exception in log file for portlet, whenever the user login, and after logged in there were no such exception. I have consumed the portlet, although the exception is not causing any harm to other data but it display in the log file. I am pasting the error, need your input.

StackTrace:
=======================

===================================
- Pranab

Viswanath G said...

Hi Andrejus,

I implemented Session Expiry workaround in our 11.1.1.4 Custom WebCenter Portal and it worked fine, as in your blog.
After expiry it goes to login.jspx and then home.jspx after login.

We migrated the app to 11.1.1.6 and now, after session expiry:
1. It goes to login.jspx
2. Redirects to the jspx page where session has expired, instead of home.jspx

Can you suggest what should be done to make it redirect to home.jspx as it was with 11.1.1.4?

Regards
Viswanath G

Unknown said...

Thanks ANDREJUS, it was useful and fixed most of the issues.