javax faces application ViewExpiredException View could not be restored

Question

I have written simple application with container-managed security. The problem is when I log in and open another page on which I logout, then I come back to first page and I click on any link etc or refresh page I get this exception. I guess it's normal (or maybe not:)) because I logged out and session is destroyed. What should I do to redirect user to for example index.xhtml or login.xhtml and save him from seeing that error page/message?

In other words how can I automatically redirect other pages to index/login page after I log out?

Here it is:

javax.faces.application.ViewExpiredException: viewId:/index.xhtml - View /index.xhtml could not be restored.
    at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:212)
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
    at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:110)
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
    at filter.HttpHttpsFilter.doFilter(HttpHttpsFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
    at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
    at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
    at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
    at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
    at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
    at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
    at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
    at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
    at java.lang.Thread.run(Thread.java:619)

User · Answer

You coud use your own custom AjaxExceptionHandler or primefaces-extensions

Update your faces-config.xml

...
<factory>
  <exception-handler-factory>org.primefaces.extensions.component.ajaxerrorhandler.AjaxExceptionHandlerFactory</exception-handler-factory>
</factory>
...

Add following code in your jsf page

...
<pe:ajaxErrorHandler />
...

User · Answer

Have you tried adding lines below to your web.xml?

<context-param>
   <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
   <param-value>true</param-value>
</context-param>

I found this to be very effective when I encountered this issue.

User · Answer

First what you have to do  before changing web xml is to make sure your ManagedBean implements Serializable    ManagedBean  ViewScoped public class Login implements Serializable       Especially if you use MyFaces

User · Answer

Introduction  The ViewExpiredException will be thrown whenever the javax faces STATE SAVING METHOD is set to server  default  and the enduser sends a HTTP POST request on a view via  lt h form gt  with  lt h commandLink gt    lt h commandButton gt  or  lt f ajax gt   while the associated view state isn t available in the session anymore    The view state is identified as value of a hidden input field javax faces ViewState of the  lt h form gt   With the state saving method set to server  this contains only the view state ID which references a serialized view state in the session  So  when the session is expired for some reason  either timed out in server or client side  or the session cookie is not maintained anymore for some reason in browser  or by calling HttpSession invalidate   in server  or due a server specific bug with session cookies as known in WildFly   then the serialized view state is not available anymore in the session and the enduser will get this exception  To understand the working of the session  see also How do servlets work  Instantiation  sessions  shared variables and multithreading   There is also a limit on the amount of views JSF will store in the session  When the limit is hit  then the least recently used view will be expired  See also com sun faces numberOfViewsInSession vs com sun faces numberOfLogicalViews   With the state saving method set to client  the javax faces ViewState hidden input field contains instead the whole serialized view state  so the enduser won t get a ViewExpiredException when the session expires  It can however still happen on a cluster environment   ERROR  MAC did not verify  is symptomatic  and or when there s a implementation-specific timeout on the client side state configured and or when server re-generates the AES key during restart  see also Getting ViewExpiredException in clustered environment while state saving method is set to client and user session is valid how to solve it   Regardless of the solution  make sure you do not use enableRestoreView11Compatibility  it does not at all restore the original view state  It basically recreates the view and all associated view scoped beans from scratch and hereby thus losing all of original data  state   As the application will behave in a confusing way   Hey  where are my input values        this is very bad for user experience  Better use stateless views or  lt o enableRestorableView gt  instead so you can manage it on a specific view only instead of on all views   As to the why JSF needs to save view state  head to this answer  Why JSF saves the state of UI components on server   Avoiding ViewExpiredException on page navigation  In order to avoid ViewExpiredException when e g  navigating back after logout when the state saving is set to server  only redirecting the POST request after logout is not sufficient  You also need to instruct the browser to not cache the dynamic JSF pages  otherwise the browser may show them from the cache instead of requesting a fresh one from the server when you send a GET request on it  e g  by back button     The javax faces ViewState hidden field of the cached page may contain a view state ID value which is not valid anymore in the current session  If you re  ab using POST  command links buttons  instead of GET  regular links buttons  for page-to-page navigation  and click such a command link button on the cached page  then this will in turn fail with a ViewExpiredException   To fire a redirect after logout in JSF 2 0  either add  lt redirect   gt  to the  lt navigation-case gt  in question  if any   or add  faces-redirect true to the outcome value     lt h commandButton value  Logout  action  logout faces-redirect true    gt    or  public String logout                    return  index faces-redirect true       To instruct the browser to not cache the dynamic JSF pages  create a Filter which is mapped on the servlet name of the FacesServlet and adds the needed response headers to disable the browser cache  E g    WebFilter servletNames   Faces Servlet       Must match  lt servlet-name gt  of your FacesServlet  public class NoCacheFilter implements Filter         Override     public void doFilter ServletRequest request  ServletResponse response  FilterChain chain  throws IOException  ServletException           HttpServletRequest req    HttpServletRequest  request          HttpServletResponse res    HttpServletResponse  response           if   req getRequestURI   startsWith req getContextPath     ResourceHandler RESOURCE IDENTIFIER        Skip JSF resources  CSS JS Images etc              res setHeader  Cache-Control    no-cache  no-store  must-revalidate       HTTP 1 1              res setHeader  Pragma    no-cache       HTTP 1 0              res setDateHeader  Expires   0      Proxies                     chain doFilter request  response                         Avoiding ViewExpiredException on page refresh  In order to avoid ViewExpiredException when refreshing the current page when the state saving is set to server  you not only need to make sure you are performing page-to-page navigation exclusively by GET  regular links buttons   but you also need to make sure that you are exclusively using ajax to submit the forms  If you re submitting the form synchronously  non-ajax  anyway  then you d best either make the view stateless  see later section   or to send a redirect after POST  see previous section     Having a ViewExpiredException on page refresh is in default configuration a very rare case  It can only happen when the limit on the amount of views JSF will store in the session is hit  So  it will only happen when you ve manually set that limit way too low  or that you re continuously creating new views in the  background   e g  by a badly implemented ajax poll in the same page or by a badly implemented 404 error page on broken images of the same page   See also com sun faces numberOfViewsInSession vs com sun faces numberOfLogicalViews for detail on that limit  Another cause is having duplicate JSF libraries in runtime classpath conflicting each other  The correct procedure to install JSF is outlined in our JSF wiki page   Handling ViewExpiredException  When you want to handle an unavoidable ViewExpiredException after a POST action on an arbitrary page which was already opened in some browser tab window while you re logged out in another tab window  then you d like to specify an error-page for that in web xml which goes to a  Your session is timed out  page  E g    lt error-page gt       lt exception-type gt javax faces application ViewExpiredException lt  exception-type gt       lt location gt  WEB-INF errorpages expired xhtml lt  location gt   lt  error-page gt    Use if necessary a meta refresh header in the error page in case you intend to actually redirect further to home or login page    lt  DOCTYPE html gt   lt html lang  en  gt       lt head gt           lt title gt Session expired lt  title gt           lt meta http-equiv  refresh  content  0 url   request contextPath  login xhtml    gt       lt  head gt       lt body gt           lt h1 gt Session expired lt  h1 gt           lt h3 gt You will be redirected to login page lt  h3 gt           lt p gt  lt a href    request contextPath  login xhtml  gt Click here if redirect didn t work or when you re impatient lt  a gt   lt  p gt       lt  body gt   lt  html gt     the 0 in content represents the amount of seconds before redirect  0 thus means  redirect immediately   you can use e g  3 to let the browser wait 3 seconds with the redirect   Note that handling exceptions during ajax requests requires a special ExceptionHandler  See also Session timeout and ViewExpiredException handling on JSF PrimeFaces ajax request  You can find a live example at OmniFaces FullAjaxExceptionHandler showcase page  this also covers non-ajax requests    Also note that your  general  error page should be mapped on  lt error-code gt  of 500 instead of an  lt exception-type gt  of e g  java lang Exception or java lang Throwable  otherwise all exceptions wrapped in ServletException such as ViewExpiredException would still end up in the general error page  See also ViewExpiredException shown in java lang Throwable error-page in web xml    lt error-page gt       lt error-code gt 500 lt  error-code gt       lt location gt  WEB-INF errorpages general xhtml lt  location gt   lt  error-page gt    Stateless views  A completely different alternative is to run JSF views in stateless mode  This way nothing of JSF state will be saved and the views will never expire  but just be rebuilt from scratch on every request  You can turn on stateless views by setting the transient attribute of  lt f view gt  to true    lt f view transient  true  gt    lt  f view gt    This way the javax faces ViewState hidden field will get a fixed value of  stateless  in Mojarra  have not checked MyFaces at this point   Note that this feature was introduced in Mojarra 2 1 19 and 2 2 0 and is not available in older versions   The consequence is that you cannot use view scoped beans anymore  They will now behave like request scoped beans  One of the disadvantages is that you have to track the state yourself by fiddling with hidden inputs and or loose request parameters  Mainly those forms with input fields with rendered  readonly or disabled attributes which are controlled by ajax events will be affected   Note that the  lt f view gt  does not necessarily need to be unique throughout the view and or reside in the master template only  It s also completely legit to redeclare and nest it in a template client  It basically  extends  the parent  lt f view gt  then  E g  in master template    lt f view contentType  text html  gt       lt ui insert name  content    gt   lt  f view gt    and in template client    lt ui define name  content  gt       lt f view transient  true  gt           lt h form gt     lt  h form gt       lt  f view gt   lt  f view gt    You can even wrap the  lt f view gt  in a  lt c if gt  to make it conditional  Note that it would apply on the entire view  not only on the nested contents  such as the  lt h form gt  in above example   See also   ViewExpiredException shown in java lang Throwable error-page in web xml Check if session exists JSF Session timeout and ViewExpiredException handling on JSF PrimeFaces ajax request     Unrelated to the concrete problem  using HTTP POST for pure page-to-page navigation isn t very user SEO friendly  In JSF 2 0 you should really prefer  lt h link gt  or  lt h button gt  over the  lt h commandXxx gt  ones for plain vanilla page-to-page navigation   So instead of e g    lt h form id  menu  gt       lt h commandLink value  Foo  action  foo faces-redirect true    gt       lt h commandLink value  Bar  action  bar faces-redirect true    gt       lt h commandLink value  Baz  action  baz faces-redirect true    gt   lt  h form gt    better do   lt h link value  Foo  outcome  foo    gt   lt h link value  Bar  outcome  bar    gt   lt h link value  Baz  outcome  baz    gt    See also   When should I use h outputLink instead of h commandLink  Difference between h button and h commandButton How to navigate in JSF  How to make URL reflect current page  and not previous one

User · Answer

When our page is idle for x amount of time the view will expire and throw javax.faces.application.ViewExpiredException to prevent this from happening one solution is to create CustomViewHandler that extends ViewHandler and override restoreView method all the other methods are being delegated to the Parent

import java.io.IOException;
import javax.faces.FacesException;
import javax.faces.application.ViewHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;

public class CustomViewHandler extends ViewHandler {
    private ViewHandler parent;

    public CustomViewHandler(ViewHandler parent) {
        //System.out.println("CustomViewHandler.CustomViewHandler():Parent View Handler:"+parent.getClass());
        this.parent = parent;
    }

    @Override 
    public UIViewRoot restoreView(FacesContext facesContext, String viewId) {
    /**
     * {@link javax.faces.application.ViewExpiredException}. This happens only  when we try to logout from timed out pages.
     */
        UIViewRoot root = null;
        root = parent.restoreView(facesContext, viewId);
        if(root == null) {
            root = createView(facesContext, viewId);
        }
        return root;
    }

    @Override
    public Locale calculateLocale(FacesContext facesContext) {
        return parent.calculateLocale(facesContext);
    }

    @Override
    public String calculateRenderKitId(FacesContext facesContext) {
        String renderKitId = parent.calculateRenderKitId(facesContext);
        //System.out.println("CustomViewHandler.calculateRenderKitId():RenderKitId: "+renderKitId);
        return renderKitId;
    }

    @Override
    public UIViewRoot createView(FacesContext facesContext, String viewId) {
        return parent.createView(facesContext, viewId);
    }

    @Override
    public String getActionURL(FacesContext facesContext, String actionId) {
        return parent.getActionURL(facesContext, actionId);
    }

    @Override
    public String getResourceURL(FacesContext facesContext, String resId) {
        return parent.getResourceURL(facesContext, resId);
    }

    @Override
    public void renderView(FacesContext facesContext, UIViewRoot viewId) throws IOException, FacesException {
        parent.renderView(facesContext, viewId);
    }

    @Override
    public void writeState(FacesContext facesContext) throws IOException {
        parent.writeState(facesContext);
    }

    public ViewHandler getParent() {
        return parent;
    }

}

Then you need to add it to your faces-config.xml

<application>
    <view-handler>com.demo.CustomViewHandler</view-handler>
</application>

Thanks for the original answer on the below link: http://www.gregbugaj.com/?p=164

User · Answer

Avoid multipart forms in Richfaces    lt h form enctype  multipart form-data  gt       lt a4j poll id  poll  interval  10000   gt   lt  h form gt    If you are using Richfaces  i have found that ajax requests inside of multipart forms return a new View ID on each request   How to debug   On each ajax request a View ID is returned  that is fine as long as the View ID is always the same  If you get a new View ID on each request  then there is a problem and must be fixed

User · Answer

Please  add this line in your web xml It works for me    lt context-param gt           lt param-name gt org ajax4jsf handleViewExpiredOnClient lt  param-name gt            lt param-value gt true lt  param-value gt            lt  context-param gt

User · Answer

I was getting this error   javax faces application ViewExpiredException When I using different requests  I found those having same JsessionId  even after restarting the server  So this is due to the browser cache  Just close the browser and try  it will work

User · Answer

I ran into this problem myself and realized that it was because of a side-effect of a Filter that I created which was filtering all requests on the appliation  As soon as I modified the filter to pick only certain requests  this problem did not occur  It maybe good to check for such filters in your application and see how they behave

User · Answer

I add the following configuration to web xml and it got resolved    lt context-param gt       lt param-name gt com sun faces numberOfViewsInSession lt  param-name gt       lt param-value gt 500 lt  param-value gt   lt  context-param gt   lt context-param gt       lt param-name gt com sun faces numberOfLogicalViews lt  param-name gt       lt param-value gt 500 lt  param-value gt   lt  context-param gt

[jsf] javax.faces.application.ViewExpiredException: View could not be restored

The answer is

Examples related to jsf

Examples related to jsf-2

Examples related to logout

Examples related to viewexpiredexception

Tags