Skip to content
This repository has been archived by the owner on Mar 20, 2021. It is now read-only.

ExternalContext.redirect() for AJAX creates a new HttpSession and may throw a ClassCastException/NullPointerException #4405

Open
mmariotti opened this issue Oct 24, 2019 · 0 comments
Open

ExternalContext.redirect() for AJAX creates a new HttpSession and may throw a ClassCastException/NullPointerException #4405

mmariotti opened this issue Oct 24, 2019 · 0 comments

Comments

@mmariotti
Copy link

Hello,

this problem has been discussed on StackOverflow

the code of redirect():

@Override
public void redirect(String requestURI) throws IOException {

    FacesContext ctx = FacesContext.getCurrentInstance();
    doLastPhaseActions(ctx, true);

    if (ctx.getPartialViewContext().isPartialRequest()) {
        if (getSession(true) instanceof HttpSession &&    // <----- creates a new HttpSession
            ctx.getResponseComplete()) {
            throw new IllegalStateException();
        }
        PartialResponseWriter pwriter;
        ResponseWriter writer = ctx.getResponseWriter();
        if (writer instanceof PartialResponseWriter) {
            pwriter = (PartialResponseWriter) writer;
        } else {
            pwriter = ctx.getPartialViewContext().getPartialResponseWriter();
        }
        setResponseContentType("text/xml");
        setResponseCharacterEncoding("UTF-8");
        addResponseHeader("Cache-Control", "no-cache");
//        pwriter.writePreamble("<?xml version='1.0' encoding='UTF-8'?>\n");
        pwriter.startDocument();
        pwriter.redirect(requestURI);
        pwriter.endDocument();
    } else {
        ((HttpServletResponse) response).sendRedirect(requestURI);  // <----- may throw a ClassCastException/NullPointerException
    }
    ctx.responseComplete();       
}

As you can see there are two problems.

It should be replaced with something like:

@Override
public void redirect(String requestURI) throws IOException {

    FacesContext ctx = FacesContext.getCurrentInstance();
    doLastPhaseActions(ctx, true);

    if (ctx.getPartialViewContext().isPartialRequest()) {
        if (response instanceof HttpServletResponse &&
            ctx.getResponseComplete()) {
            throw new IllegalStateException();
        }
        PartialResponseWriter pwriter;
        ResponseWriter writer = ctx.getResponseWriter();
        if (writer instanceof PartialResponseWriter) {
            pwriter = (PartialResponseWriter) writer;
        } else {
            pwriter = ctx.getPartialViewContext().getPartialResponseWriter();
        }
        setResponseContentType("text/xml");
        setResponseCharacterEncoding("UTF-8");
        addResponseHeader("Cache-Control", "no-cache");
//        pwriter.writePreamble("<?xml version='1.0' encoding='UTF-8'?>\n");
        pwriter.startDocument();
        pwriter.redirect(requestURI);
        pwriter.endDocument();
    } else if (response instanceof HttpServletResponse) {
        ((HttpServletResponse) response).sendRedirect(requestURI);
    } else {
        throw new IllegalStateException();
    }
    
    ctx.responseComplete();
}
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mmariotti