Skip to main content

Login fails if target page generates exception

Please note these forums are being decommissioned and use the new and improved forums at
No replies
Joined: 2014-03-19
Points: 0

I am working on a web application running on Glassfish 4. I use simple form-based login (j_security_check). I have a JSF page through which the user can manipulate with data stored in a database. This page is backed by a view-scoped bean and I pass the ID of the selected object to this bean as a GET-request parameter. There is a method which is called before the view is rendered (preRenderView event):

public void initializeData() throws ItemNotFoundException {
    if (objectId == 0) {
        throw new ItemNotFoundException("Invalid ID: 0");
    } else if (objectId > 0) {
        // Find object with the specified ID
        test = getTestFacade().find(objectId);
        if (test == null) {
            throw new ItemNotFoundException(
                    "Item not found (ID: " + objectId + ")");
    // ...

As you can see, ItemNotFoundException is thrown when the requested object is not found. I created a custom error page for this exception type. The page backed by the view-scoped bean is protected, the user must be logged in before accessing it.

Now, here is my problem: If I specify an invalid ID in the request URI and I am not yet logged in when I try to access the page, my login page is shown. After logging in with the correct username and password I see my custom error page, since the requested object was not found. But if after this I try to access another protected page, it seems like I am not authenticated, and I need to repeat the login procedure.

I think this behaviour is totally illogical and it is unacceptable in my case. I don't think I am doing something wrong, but I can't rule out this possibility. It would be nice to know if this is the expected behaviour. (I hope it isn't.) Also, I am wondering if this qualifies as a bug in Glassfish. And of course it would be great to find a solution or a workaround for this bug.