Session Timeout Redirection

0

Hi everyone,

I am joining this post because I would like also to make a redirection to an external Application when session timeout happens using the community version (version 5.2) of JasperReports Server.

In my application, internal users can log in using the Jasper login page and external users can also be autheticated by sending a custom request to the Jasper server application.  I have a custom filter that extends BaseAuthenticationProcessingFilter and this filter processes this two request format.

When a external user log out, he is redirected to my external Application. For doing that, I have created a file which name starts with applicationContext-externalAuth and I have added   externalAuthProperties (see below) to my externalUserSetupProcessor which is used by my externalDataSynchronizer.
 

    <bean id="externalAuthProperties"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthProperties">
 
        <!-- external logout url. If specified, logout will redirect to that address. -->
        <property name="logoutUrl" value="http://localhost:8080/myExternalApp"/>
    </bean>
 
</pre>

Redirection on logout works fine. But now I would like my external user to be redirected to my external app when session timeout happens.

My attempts to redirect on session timeout

1) I tried to add ConcurrentSessionFilter bean specifying ist expired-url property withe the URL to my external application. But this did not work.

2) I also tried to assign the URL to my external application to the internalAuthenticationFailureUrl property of my Filter. Then when a session timeout happens, my Jasper application get stuck on the page jasperserver/flow.html/?flowid = searchflow. There is a loading popup that seems to run in a infinite loop because it nevers disappeared. But If I refresh the page with the refresh button of my web browser, I get redirected to my external application.

3) I have also tried to assign another Jasper page to the internalAuthenticationFailureUrl property of my Filter (/exituser.html instead of /login.html?error=1). Then I added a javax.servlet.Filter that maps on the URL /exitiuser.html and which in its doFilter() method should redirects to my external application using

((HttpServletResponse) response).sendRedirect(targetUrl);


But this also does not work because I have exactly the same problem as with the previous attempt described above.

Questions

A) I saw the following in the file jasperserver-servlet.xml

    <!-- basic exception resolver for jasperserver application -->
    <bean id="exceptionResolver"  class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
        <property name="exceptionMappings">
            <props>
 
<prop
key="org.springframework.security.AccessDeniedException">modules/system/AccessDeniedPage</prop>
                <prop key="org.springframework.webflow.execution.repository.NoSuchFlowExecutionException">
                    modules/system/sessionExpiredErrorPage</prop>
                <prop key="java.lang.Exception">modules/system/errorPage</prop>
            </props>
        </property>
    </bean>


The modules/system/sessionExpiredErrorPage does not seem to be used. Do you know how can I use it so the JSP page sessionExpiredErrorPage could be displayed (Then I will try to make a redirection to my external application using a servlet).

I saw the following in the class com.jaspersoft.jasperserver.war.control.SystemErrorController

    /**
     * Handles 404 error (page not found error).
     *
     * @param req the request.
     * @param res the response.
     *
     * @return model and view.
     */
    public ModelAndView handle404(HttpServletRequest req, HttpServletResponse res) {
        return new ModelAndView("modules/system/404");
    }

If I add a similar method that returns the ModelAndView described below, would it be enough ?

return new ModelAndView("sessionExpiredErrorPage")

KrisParis's picture
Joined: Sep 3 2013 - 5:07am
Last seen: 5 years 11 months ago

Hi KrisParis,

I'm also stuck in the same case. Could you please help me out how to get out of this? Or Could you explan how u handled the same?

jlbvar19 - 1 year 1 month ago

Hi,

Have you found something new about this problem?

I would like to know if eventually some patches or new versions are going to be released in the future to fix this bug.

Also I would like to ask you, if you knew in which class the redirection to an external url on user session logout is implemented ?

To be more precise, I am talking about the class that implements the following:

    <bean id="externalAuthProperties"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthProperties">
 
        <!-- external logout url. If specified, logout will redirect to that address. -->
        <property name="logoutUrl" value="http://localhost:8080/myExternalApp"/>
    </bean>
 
 

Thanks in advance,

KrisParis - 6 years 1 month ago

1 Answer:

0

Hi Kris,

Unfortunately, this is a known bugs in Jasperserver 5.2 which exist even in the commercial edition.

We have similar situation here and I'm lookin at the workaround at the moment.

Will keep you posted.

 

Cheers,

DJ

jcuser's picture
24
Joined: Dec 19 2011 - 3:18am
Last seen: 4 years 1 month ago

Hi,

Thanks for your reply.

Kris

KrisParis - 6 years 1 month ago
Feedback