Invoke method just before session expires

Question

My webapp has users who login. There is a timeout. Before the session expires, I would like to execute a method to cleanup some locks.

I've implemented a sessionListener but once I reach public void sessionDestroyed(HttpSessionEvent event) the session is already gone and I need some data from it, so I would like to execute a method (which needs the session alive and be able to access FacesConfig.getCurrentInstance()) before the session is actually expired.

How can I do that? Any ideas? This is my Session Listener:

public class MySessionListener implements HttpSessionListener {

    private static final Logger log = LoggerFactory.getLogger(MySessionListener.class);

    public MySessionListener() {

    }

    public void sessionCreated(HttpSessionEvent event) {
        log.debug("Current Session created : "
              + event.getSession().getId()+ " at "+ new Date());
    }

    public void sessionDestroyed(HttpSessionEvent event) {
        // get the destroying session...

        HttpSession session = event.getSession();
        prepareLogoutInfoAndLogoutActiveUser(session);

        log.debug("Current Session destroyed :"
              + session.getId()+ " Logging out user...");

        /*
         * nobody can reach user data after this point because 
         * session is invalidated already.
         * So, get the user data from session and save its 
         * logout information before losing it.
         * User's redirection to the timeout page will be 
         * handled by the SessionTimeoutFilter.
         */

         // Only if needed
    }

    /**
     * Clean your logout operations.
     */
    public void prepareLogoutInfoAndLogoutActiveUser(HttpSession httpSession) {
        UserBean user = FacesContext.getCurrentInstance().getApplication().evaluateExpressionGet(FacesContext.getCurrentInstance(), "#{user}", UserBean.class);
        LockBean lock = FacesContext.getCurrentInstance().getApplication().evaluateExpressionGet(FacesContext.getCurrentInstance(), "#{lock}", LockBean.class);
        lock.unlock(user.getUsername());
        log.info("Unlocked examination for user: "+user.getUsername());
    }
}

But I'm getting NullPointerException at FacesContext.getCurrentInstance().getApplication() because either getCurrentInstance is null or getApplication returns null

Answer 1

You can achieve that by implementing a HttpSessionBindingListener you need to register a session which holds a lock by calling registerSession (the string "sessionBindingListener" may not be changed). The container will callback the valueUnbound() method after the session timed out and before the session is destroyed.

public class ObjectLock implements Serializable,HttpSessionBindingListener {
    public void valueBound(HttpSessionBindingEvent event) {
        log.info("valueBound:" + event.getName() + " session:" + event.getSession().getId() );

    }

    public void registerSession() {
        FacesContext.getCurrentInstance().getExternalContext().getSessionMap().put( "sessionBindingListener", this  );
        log.info( "registered sessionBindingListener"  );
    }

    public void valueUnbound(HttpSessionBindingEvent event) {
        log.info("valueUnBound:" + event.getName() + " session:" + event.getSession().getId() );
               // add you unlock code here:
        clearLocksForSession( event.getSession().getId() );
    }
}

Answer 2

One more elegant solution:

Just add a @PreDestroy Annotation to a Session-Bean! If the Session is going to be destroyed, it will call PreDestroy on all SessionBeans beforehand, there you can logout and everything!

Although this doesn't currently work with many ApplicationServers, seems to be an unclear segment of the JSF Specification. So going with the accepted answer (HttpSessionBindingListener) will be necessary, until @PreDestroy will work as intended on all servers.