-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hi all. I'm using ZK 6.5.2 CE on a JBOSS 7 server.
When the application session times out, I get the following error inside a browser popup window:
The server is temporarily out of service.
Would you like to try again?
(Unexpected token < (SyntaxError))
My zk.xml file is as follows:
<zk>
<session-config>
<automatic-timeout/>
<device-type>ajax</device-type>
<timeout-uri>/public/timeout.zul</timeout-uri>
</session-config>
<desktop-config>
<theme-uri>/public/css/mycss.css</theme-uri>
</desktop-config>
<library-property>
<name>org.zkoss.zul.listbox.rightSelect</name>
<value>false</value>
</library-property>
</zk>
My JVM is:
java version "1.7.025"
Java(TM) SE Runtime Environment (build 1.7.025-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
Any idea on how to solve the problem?
Thanks in advance, Massimiliano
So, that's what i did:
1 - in the Spring security configuration i mark the /zkau servlet like:
<s:http auto-config="true" >
<s:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<s:intercept-url pattern="/img/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:intercept-url pattern="/jq/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:form-login login-page="/login.jsp" always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=401" />
<s:logout invalidate-session="true" logout-success-url="/" />
<s:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
</s:http>
2 - i define a custom Session Listener like this:
public class SessionListener implements DesktopInit, DesktopCleanup {
@Override
public void cleanup(Desktop desktop) throws Exception {
//others stuffs here
}
@Override
public void init(Desktop desktop, Object request) throws Exception {
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken) {
Executions.getCurrent().sendRedirect(httpRequest.getContextPath() + "/login.jsp");
}
//other stuffs here
}
}
In this way... an expired user can always access the /zkau without the (Unexpected token) error but he gets correctly redirected to the login page as soon as he commits an event that arrives to the server.
I never understood if this is a needed workaround for a spring security misconfiguration... or not: at the end it works like a charm so... if the product owner doesn't see it... who cares! :D
Hope it will help you. Giovanni
My timeout.zul is quite simple...
<window>
Sorry. Session timed out.
</window>
I tried to connect to timeout.zul and it worked...
And there are no error server side. The only messages are:
16:25:04,821 INFO [org.zkoss] (http-/0.0.0.0:8080-3) Loading labels for en_US
16:25:04,823 INFO [org.zkoss] (http-/0.0.0.0:8080-3) Loading labels for en
16:25:04,824 INFO [org.zkoss] (http-/0.0.0.0:8080-3) Opening file:/opt/workspaces/myapp/myapp-parent/myapp-web/src/main/webapp/WEB-INF/zk-label.properties
Any other idea?
I was having the same problem with a Spring Security not 100% complete configuration. When the session was expiring... the /zkau servlet was not reachable anymore and that (damn) error was popping up all the time.
Are you using Spring Security as well? Giovanni
I love Spring for some things, and use it in all my ZK apps. I'm not a fan of Spring Security though.
Note, just curious, are you behind an agent like SiteMinder or anything or is this issue showing up just running locally in jboss off your machine?
Asked: 2013-09-06 09:26:16 +0800
Seen: 68 times
Last updated: Oct 16 '13