<partial-response> XML shown as plain text after ajax redirect on security constraint in WildFly

狂风中的少年 提交于 2019-11-28 01:59:11
BalusC

I reproduced it. This is a strange quirk/bug in WildFly itself.

What's happening here?

By default, without OmniFaces, when a request is fired on a constrained page while the session is expired, the server by default returns the entire HTML page identified by <form-login-page> as response, regardless of the source of the request. This obviously fails with JSF ajax requests as the JavaScript responsible for processing ajax requests couldn't deal with a whole HTML page as response where it expected a special XML response. The user is left with no form of feedback. This is since OmniFaces 1.2 fixed in its OmniPartialViewContext, triggered by this related question: ViewExpiredException not thrown on ajax request if JSF page is protected by j_security_check.

With OmniFaces, a special JSF ajax redirect response in form of <partial-response><redirect url="originalURL"> is returned instead of the entire login page, and the security constraint is triggered once again, but this time with a real synchronous request instead of an JSF ajax request. When the server returns the entire <form-login-page>, it would work just fine this way.

WildFly (tested only 10.0.0 as of now), however, appears to cache the entire <form-login-page> response of the 1st security constraint hit in the session (whereas it is expected to cache only the associated request) and return exactly that response on every hit of a constrained request. That's why you see the initial <partial-response> XML response every time.

As per this commit I have bypassed it by explicitly invalidating the session once again before generating the ajax redirect in OmniPartialViewContext. The fix is available in OmniFaces 2.3.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!