Session Timeout Redirection

[KrisParis]

Hi everyone,

I am joining this post because I would like also to make a redirection to an external Application when session timeout happens using the community version (version 5.2) of JasperReports Server.

In my application, internal users can log in using the Jasper login page and external users can also be autheticated by sending a custom request to the Jasper server application.  I have a custom filter that extends BaseAuthenticationProcessingFilter and this filter processes this two request format.

When a external user log out, he is redirected to my external Application. For doing that, I have created a file which name starts with applicationContext-externalAuth and I have added   externalAuthProperties (see below) to my externalUserSetupProcessor which is used by my externalDataSynchronizer.
 

    <bean id="externalAuthProperties"class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthProperties">        <!-- external logout url. If specified, logout will redirect to that address. -->        <property name="logoutUrl" value="http://localhost:8080/myExternalApp"/>    </bean></pre>[/code]

Redirection on logout works fine. But now I would like my external user to be redirected to my external app when session timeout happens.

My attempts to redirect on session timeout

1) I tried to add ConcurrentSessionFilter bean specifying ist expired-url property withe the URL to my external application. But this did not work.

2) I also tried to assign the URL to my external application to the internalAuthenticationFailureUrl property of my Filter. Then when a session timeout happens, my Jasper application get stuck on the page jasperserver/flow.html/?flowid = searchflow. There is a loading popup  that seems to run in a infinite loop because it nevers disappeared. But If I refresh the page with the refresh button of my web browser, I get redirected to my external application.

3) I have also tried to assign another Jasper page to the internalAuthenticationFailureUrl property of my Filter (/exituser.html instead of /login.html?error=1). Then I added a javax.servlet.Filter that maps on the URL /exitiuser.html and which in its doFilter() method should redirects to my external application using

((HttpServletResponse) response).sendRedirect(targetUrl);[/code]

But this also does not work because I have exactly the same problem as with the previous attempt described above.

Questions

A) I saw the following in the file jasperserver-servlet.xml

    <!-- basic exception resolver for jasperserver application -->    <bean id="exceptionResolver"  class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">        <property name="exceptionMappings">            <props>              <propkey="org.springframework.security.AccessDeniedException">modules/system/AccessDeniedPage</prop>                <prop key="org.springframework.webflow.execution.repository.NoSuchFlowExecutionException">                    modules/system/sessionExpiredErrorPage</prop>                <prop key="java.lang.Exception">modules/system/errorPage</prop>            </props>        </property>    </bean>[/code]

The modules/system/sessionExpiredErrorPage does not seem to be used. Do you know how can I use it so the JSP page sessionExpiredErrorPage could be displayed (Then I will try to make a redirection to my external application using a servlet).

I saw the following in the class com.jaspersoft.jasperserver.war.control.SystemErrorController

    /**     * Handles 404 error (page not found error).     *     * @param req the request.     * @param res the response.     *     * @return model and view.     */    public ModelAndView handle404(HttpServletRequest req, HttpServletResponse res) {        return new ModelAndView("modules/system/404");    }[/code]

If I add a similar method that returns the ModelAndView described below, would it be enough ?

return new ModelAndView("sessionExpiredErrorPage")[/code]

 

[jcuser]

Hi Kris,

Unfortunately, this is a known bugs in Jasperserver 5.2 which exist even in the commercial edition.

We have similar situation here and I'm lookin at the workaround at the moment.

Will keep you posted.

 

Cheers,

DJ

[KrisParis]

Hi,

 

Thanks for your reply.

 

Kris

[KrisParis]

Hi,

Have you found something new about this problem?

I would like to know if eventually some patches or new versions are going to be released in the future to fix this bug.

Also I would like to ask you, if you knew in which class the redirection to an external url on user session logout is implemented ?

To be more precise, I am talking about the class that implements the following:

    <bean id="externalAuthProperties"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthProperties">
 
        <!-- external logout url. If specified, logout will redirect to that address. -->
        <property name="logoutUrl" value="http://localhost:8080/myExternalApp"/>
    </bean>
 
 

Thanks in advance,

[jlbvar19]

Hi KrisParis,

I'm also stuck in the same case. Could you please help me out how to get out of this? Or Could you explan how u handled the same?

[Michael Bielkiewicz]

I realize this thread is nearly 10 years old, but since it came up first in my search for this exact issue, I wanted to point out this wiki article which states how this can be achieved (at least in later versions of JRS): https://community.jaspersoft.com/wiki/redirect-custom-page-instead-loginhtml-session-timeout-custom-auth