1

(Unexpected token < (SyntaxError)) on session timeout [closed]

asked 2013-09-06 09:26:16 +0800

ziccardi gravatar image ziccardi
321 7

updated 2013-09-06 09:26:48 +0800

Hi all. I'm using ZK 6.5.2 CE on a JBOSS 7 server.

When the application session times out, I get the following error inside a browser popup window:

The server is temporarily out of service.
Would you like to try again?
(Unexpected token < (SyntaxError))

My zk.xml file is as follows:

<zk>
    <session-config>
        <automatic-timeout/>
        <device-type>ajax</device-type>    
        <timeout-uri>/public/timeout.zul</timeout-uri>
    </session-config>
    <desktop-config>
        <theme-uri>/public/css/mycss.css</theme-uri>
    </desktop-config>
    <library-property>
        <name>org.zkoss.zul.listbox.rightSelect</name>
        <value>false</value>
    </library-property>
</zk>

My JVM is:

java version "1.7.025"
Java(TM) SE Runtime Environment (build 1.7.0
25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)

Any idea on how to solve the problem?

Thanks in advance, Massimiliano

delete flag offensive retag edit

The question has been closed for the following reason "the question is answered, right answer was accepted" by ziccardi
close date 2014-04-09 11:13:12

9 Answers

Sort by » oldest newest most voted
1

answered 2013-09-21 09:15:55 +0800

gganassin gravatar image gganassin flag of Luxembourg
540 6
http://www.hybris.com/

updated 2013-09-21 09:21:25 +0800

So, that's what i did:

1 - in the Spring security configuration i mark the /zkau servlet like:

<s:http auto-config="true" >
    <s:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <s:intercept-url pattern="/img/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <s:intercept-url pattern="/jq/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <s:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <s:intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <s:form-login login-page="/login.jsp" always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=401" />
    <s:logout invalidate-session="true" logout-success-url="/" />

    <s:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
</s:http>

2 - i define a custom Session Listener like this:

    public class SessionListener implements DesktopInit, DesktopCleanup {

    @Override
    public void cleanup(Desktop desktop) throws Exception {
        //others stuffs here
    }

    @Override
    public void init(Desktop desktop, Object request) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        if (SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken) {
            Executions.getCurrent().sendRedirect(httpRequest.getContextPath() + "/login.jsp");
        }
        //other stuffs here
    }

}

In this way... an expired user can always access the /zkau without the (Unexpected token) error but he gets correctly redirected to the login page as soon as he commits an event that arrives to the server.

I never understood if this is a needed workaround for a spring security misconfiguration... or not: at the end it works like a charm so... if the product owner doesn't see it... who cares! :D

Hope it will help you. Giovanni

link publish delete flag offensive edit
0

answered 2013-09-10 09:26:30 +0800

samchuang gravatar image samchuang
4084 4

did you see any error log on server side?

The error message you post looks like the timeout.zul may wrong, have you tried to link to timeout.zul directly?

link publish delete flag offensive edit
0

answered 2013-09-11 15:24:43 +0800

ziccardi gravatar image ziccardi
321 7

updated 2013-09-11 15:28:22 +0800

My timeout.zul is quite simple...

<window>
    Sorry. Session timed out.
</window>

I tried to connect to timeout.zul and it worked...

And there are no error server side. The only messages are:

16:25:04,821 INFO [org.zkoss] (http-/0.0.0.0:8080-3) Loading labels for en_US
16:25:04,823 INFO [org.zkoss] (http-/0.0.0.0:8080-3) Loading labels for en
16:25:04,824 INFO [org.zkoss] (http-/0.0.0.0:8080-3) Opening file:/opt/workspaces/myapp/myapp-parent/myapp-web/src/main/webapp/WEB-INF/zk-label.properties

Any other idea?

link publish delete flag offensive edit
0

answered 2013-09-13 13:31:46 +0800

ziccardi gravatar image ziccardi
321 7

No one has any idea?

link publish delete flag offensive edit
0

answered 2013-09-15 16:58:18 +0800

gganassin gravatar image gganassin flag of Luxembourg
540 6
http://www.hybris.com/

I was having the same problem with a Spring Security not 100% complete configuration. When the session was expiring... the /zkau servlet was not reachable anymore and that (damn) error was popping up all the time.

Are you using Spring Security as well? Giovanni

link publish delete flag offensive edit
0

answered 2013-09-17 08:55:16 +0800

ziccardi gravatar image ziccardi
321 7

Yes! I'm using spring security! How did you solve the problem?

link publish delete flag offensive edit
0

answered 2013-09-18 18:39:27 +0800

rickcr gravatar image rickcr
704 7

I love Spring for some things, and use it in all my ZK apps. I'm not a fan of Spring Security though.

Note, just curious, are you behind an agent like SiteMinder or anything or is this issue showing up just running locally in jboss off your machine?

link publish delete flag offensive edit
0

answered 2013-09-19 08:29:07 +0800

ziccardi gravatar image ziccardi
321 7

I just run my application locally inside my JBOSS.

Any hint?

link publish delete flag offensive edit
0

answered 2013-10-16 15:22:24 +0800

ziccardi gravatar image ziccardi
321 7

Hi Giovanni.

Thank you for your help. In my application, adding

<intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

has been enough.

Thanks a lot!

link publish delete flag offensive edit

Question tools

Follow
1 follower

RSS

Stats

Asked: 2013-09-06 09:26:16 +0800

Seen: 68 times

Last updated: Oct 16 '13

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More