Session Expired with JAAS


I have a system with Vaadin + JBoss + JAAS.

I would like to throw a message when the session expires from Vaadin. This works normally without the JAAS (JavaTM Authentication and Authorization Service).

The JAAS takes control of the session, and expires it (ok, this is correct).

Then , Vaadin is not able to recognize the expired session, because the session is no more longer available.

Anyone has already done this with JAAS?

My principal question is: how to throw a message when session expires while Jaas is controlling the session.

Thank you.


This is one of the most irritating things about using JAAS; basically, there is no way for Vaadin to detect the session expiration. And since the response to a normal Vaadin call is suddenly invalid (the login page, served by JAAS), Vaadin throws a fit. Fortunately, there is a workaround for this.

If you add the text Vaadin-Refresh: /myLogin inside your login page (in a HTML comment for example), The Vaadin client side will automatically redirect the browser to the given url. This page can be a notification, the login page, or whatever. It is not a perfect solution, but currently it is the best one there is.

Hi Thomas,

I’ll try this workaround and post the results tomorrow.

Thank you.

It works! It’s really strange this implementation, but anyway, it´s the unique available feature.

Thank you.

Glad you got it working! Yes, this feature could definitely be improved upon… I’ll have to have a chat with the dev guys :slight_smile: