Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why FullAjaxExceptionHandler does not simply perform an ExternalContext#redirect()?

In OmniFaces, the FullAjaxExceptionHandler, after having found the right error page to use, calls the JSF runtime to build the view and render it instead of the page that includes the AJAX call.

Why this? IMHO it would be simpler to just perform a ExternalContext#redirect()? Are there specific reasons to do this?

We are writing our own ExceptionHandler based on FullAjaxExceptionHandler and wanted to understand the reason behind this design.

like image 631
titou10 Avatar asked Oct 27 '14 13:10

titou10


1 Answers

The primary goal of the FullAjaxExceptionHandler is to let exceptions during ajax requests to behave exactly the same as exceptions during non-ajax requests. The developer must be able to reuse the error pages across both conditions without worrying about the condition while implementing the error pages.

A redirect isn't part of the normal flow during non-ajax requests. The default <error-page> mechanism in web.xml performs a forward to display the error page, not a redirect. If a redirect was performed, all error page request attributes such as javax.servlet.error.exception would get lost and render as null. Moreover, normal practice is to place error pages in /WEB-INF to prevent endusers from being able to directly access (and bookmark and share) them. A redirect would require them to be publicly accessible, which indicates a major design problem (is the intented target page actually a real error page?).

If you really need to perform a redirect to/from your error page, either homegrow a custom exception handler which explicitly invokes ExternalContext#redirect() and doesn't utilize web.xml <error-page> mechanism, or add a <meta http-equiv="refresh" ...> to the HTML head of the error page in question (example here).

In case you actually intended to redirect to some login page when a ViewExpiredException occurs, then you should realize that there's a big difference between the cases of "User is not logged in" and "Session/view is expired". For the former, you should not be catching ViewExpiredException at all, but use a simple servlet filter which checks if the user is logged in and redirect accordingly, long before the FacesServlet is invoked. A normal authentication framework (JAAS, Shiro, Spring Security, etc) also works that way.

See also:

  • What is the good approach to forward the exception from servlets to a jsp page?
  • What is the difference between redirect and navigation/forward and when to use what?
  • Why use a JSF ExceptionHandlerFactory instead of <error-page> redirection?
  • Check if session exists JSF
  • Authorization redirect on session expiration does not work on submitting a JSF form, page stays the same
like image 158
BalusC Avatar answered Oct 03 '22 16:10

BalusC