ViewExpiredException when rendering error.xhtml

[matthias-ronge]

I encounter ViewExpiredException when opening a process in the metadata editor. Stack trace is:

java.lang.NullPointerException
	at org.kitodo.data.database.beans.User.<init>(User.java:122)
	at org.kitodo.production.services.data.UserService.getCurrentUser(UserService.java:225)
	at org.kitodo.production.controller.SessionClientController.getAvailableClientsOfCurrentUser(SessionClientController.java:148)
	at org.kitodo.production.controller.SessionClientController.userHasOnlyOneClient(SessionClientController.java:61)
	at org.kitodo.production.controller.SessionClientController.getCurrentSessionClientName(SessionClientController.java:47)
	at jdk.internal.reflect.GeneratedMethodAccessor509.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at javax.el.BeanELResolver.getValue(BeanELResolver.java:88)

I could find out that this happens when resolving the following expression: #{SessionClientController.currentSessionClientName} for which I found only one occurrence, in navigation.xml, line 109.

In UserService.getCurrentUser(UserService.java:225):

public User getCurrentUser() {
    return new User(getAuthenticatedUser());
}

getAuthenticatedUser() returns null from SecurityAccess.getCurrentAuthentication(SecurityAccess.java:139):

protected Authentication getCurrentAuthentication() {
    return SecurityContextHolder.getContext().getAuthentication();
}

because the security context it picks up doesn’t contain an authentication. The field authentication inside it is null in the debugger, which is returned.

This happens when I am logged in, and there are subsequent calls to these functions when the page is built, which correctly return the authenticated user.

[matthias-ronge]

Update: It looks like this error only occurs if another error has previously occurred during page load (an instance of #3762 in my case). Removing the call to currentSessionClientName from navigation.xhtml uncovers the original error. So I removed the blocking tag. However, this should be fixed because the error hides the original error.

[markusweigelt]

@matthias-ronge Omniface can ignore ViewExpiredException in web.xml.
https://showcase.omnifaces.org/exceptionhandlers/FullAjaxExceptionHandler

Another possible solution is to optimize log4j2 logger to log other packages than "org.kitodo". There are existing logger configs for src and test in every module #4849. So we should consolidate this to one logger, cause insufficient logger config in some cases swallow exceptions.

[markusweigelt]

@matthias-ronge JSF swallows exceptions when value of PROJECT_STATE is not "Development".

I added following in web.xml but that should only be available for developer purposes. Besides that it's recommended to extend the FACELETS_BUFFER_SIZE.

<context-param>
      <param-name>javax.faces.PROJECT_STAGE</param-name>
      <param-value>Development</param-value>
  </context-param>

  <context-param>
      <param-name>javax.faces.FACELETS_BUFFER_SIZE</param-name>
      <param-value>5242880</param-value><!-- 5MB -->
  </context-param>

After that Nullpointer exceptions will be displayed.