Most of you who are developing/using WebCenter 11g PS3/PS4 apps, probably noticed one annoying behavior related to user session timeout - Error 404 Resource not Found. Starting from ADF 11g PS3, user session timeout is handled by ADF with a new session timeout warning functionality. By default, 2 minutes before session expiry, ADF informs user to resume activity, if no action was taken after 2 minutes another warning message will inform about session timeout. Once user comes back and press OK for session timeout warning - automatic redirect happens to landing login page, this behavior is controlled by ADF Security. Read more about session timeout warning functionality from Frank Nimphius blog - How-to enable user session time out warning (JDev 11.1.1.4).
While this works well with ADF, it doesn't want to work so well with WebCenter. Mainly because WebCenter navigation model prevents ADF Security to redirect successfully to login page. However, I have found workaround for WebCenter project as well, you are free to use it, until it will be fixed in future versions. Download sample WebCenter 11g PS4 application, where user session timeout is handled properly - EnterprisePortalApp_v4.zip. I will describe below, what type of workaround is applied for this sample application.
Described error is reproduced with any type of WebCenter 11g PS3/PS4 application.
In order to reproduce user session timeout error, enable session timeout period for 5 minutes time:
When user session will be about to expire, we receive initial warning message:
Finally, if user takes no action, user session expires:
Not in 100% of the cases, but in 95% - when user press OK, WebCenter application generated Error 404 - Not Found:
This happens because WebCenter navigation model prevents ADF Security to redirect to login page successfully. Instead it keeps pointing to previously selected menu item from WebCenter navigation model. Since session becomes expired now, authentication is lost and we don't have access to navigation model anymore - its why Error 404 - Not Found is generated.
We can workaround this by defining our own filter class WCSessionExpiryFilter and mapping it to Faces Servlet - this would allow to intercept all requests processed by application:
Filter class should be predefined with initialization parameter describing URL address to redirect after session timeout will happen. In my case it will be login page - /faces/oracle/webcenter/portalapp/pages/login.jspx:
Main logic for this workaround is implemented inside our custom filter class, doFilter() method:
We are relying on ADF Security and trying to access User Principal object from request. User Principal can be Null, when user is not authenticated. Or in other words, either user is not yet logged in, or session was expired. We need to check request URI, in case if login page is accessed during request - we do nothing. But in case when User Principal is Null and request URI is not pointing to login page, we would force to redirect to login page and ignore unauthenticated navigation from WebCenter - its when user session expired:
Confirm Page Expired message by pressing OK button and now we are redirected nicely to login page, thanks to our custom filter class described above:
While this works well with ADF, it doesn't want to work so well with WebCenter. Mainly because WebCenter navigation model prevents ADF Security to redirect successfully to login page. However, I have found workaround for WebCenter project as well, you are free to use it, until it will be fixed in future versions. Download sample WebCenter 11g PS4 application, where user session timeout is handled properly - EnterprisePortalApp_v4.zip. I will describe below, what type of workaround is applied for this sample application.
Described error is reproduced with any type of WebCenter 11g PS3/PS4 application.
In order to reproduce user session timeout error, enable session timeout period for 5 minutes time:
When user session will be about to expire, we receive initial warning message:
Finally, if user takes no action, user session expires:
Not in 100% of the cases, but in 95% - when user press OK, WebCenter application generated Error 404 - Not Found:
This happens because WebCenter navigation model prevents ADF Security to redirect to login page successfully. Instead it keeps pointing to previously selected menu item from WebCenter navigation model. Since session becomes expired now, authentication is lost and we don't have access to navigation model anymore - its why Error 404 - Not Found is generated.
We can workaround this by defining our own filter class WCSessionExpiryFilter and mapping it to Faces Servlet - this would allow to intercept all requests processed by application:
Filter class should be predefined with initialization parameter describing URL address to redirect after session timeout will happen. In my case it will be login page - /faces/oracle/webcenter/portalapp/pages/login.jspx:
Main logic for this workaround is implemented inside our custom filter class, doFilter() method:
We are relying on ADF Security and trying to access User Principal object from request. User Principal can be Null, when user is not authenticated. Or in other words, either user is not yet logged in, or session was expired. We need to check request URI, in case if login page is accessed during request - we do nothing. But in case when User Principal is Null and request URI is not pointing to login page, we would force to redirect to login page and ignore unauthenticated navigation from WebCenter - its when user session expired:
Confirm Page Expired message by pressing OK button and now we are redirected nicely to login page, thanks to our custom filter class described above:
