Announcement Announcement Module
Collapse

Spring Modules forum decommissioned in favor of Spring Extensions

As the Spring Modules project has been replaced by the Spring Extensions (http://www.springsource.org/extensions) project, this forum has been decommissioned in favour of Spring Extensions one at:
http://forum.springsource.org/forumdisplay.php?f=44

Please see the Spring Extensions home page for a complete list of current projects in Java, .NET and ActionScript. You can also propose one if you want.

Cheers,
Costin Leau
SpringSource - http://www.SpringSource.com- Spring Training, Consulting, and Support - "From the Source"
http://twitter.com/costinl
See more
See less
Problem between XT-Ajax and acegi when the session timeout Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem between XT-Ajax and acegi when the session timeout

    Hi!

    I have a little problem here. I'm using acegi for the security part of my project, and XT-Ajax to call some actions.

    A problem occurs when the session timeout. When a called the action, acegi is suppose to redirect to the login page, but because I'm calling the action using ajax, nothing happens.

    Here is the code to set the timeout:

    Code:
    <session-config>
            <session-timeout>1</session-timeout>
        </session-config>
    The action is called using: XT.doAjaxSubmit("validate",document.forms[0]);

    Here is the stacktrace:
    http://www.chaps.talktalk.net/trace.txt

    So it seems that everything went fine, but nothing happens, the user is not redirected.

    Any idea? Is it possible to redirect to another page when using ajax?

    Guillaume

  • #2
    Originally posted by Chaps View Post
    I have a little problem here. I'm using acegi for the security part of my project, and XT-Ajax to call some actions.
    A problem occurs when the session timeout. When a called the action, acegi is suppose to redirect to the login page, but because I'm calling the action using ajax, nothing happens.
    [CUT]
    Is it possible to redirect to another page when using ajax?
    Hi Guillaume,

    the problem is that you cannot do a normal redirect when using Ajax, so you cannot use standard Acegi redirect capabilities when doing Ajax calls.

    The RedirectAction (https://springmodules.dev.java.net/s...ectAction.html) is the standard way to do redirects in XT Ajax.
    In order to integrate the RedirectAction with Acegi, you can code an HttpServlet that outputs the content of the action, and make Acegi point to this servlet.

    Is it clear enough?

    I know it is a kind of hack: I plan to solve it better in the near future ( XT Ajax is just 0.8 ).

    Let us know how is it.
    Cheers,

    Sergio B.

    Comment


    • #3
      "In order to integrate the RedirectAction with Acegi, you can code an HttpServlet that outputs the content of the action, and make Acegi point to this servlet."

      I'm not sure I understand :P But I will try something like that. I'm not it's a problem yet, but I don't only ajax action that can cause a session timeout.

      Thank you, I'll come back to you as soon as I have something
      Last edited by Chaps; Apr 20th, 2007, 10:12 AM.

      Comment


      • #4
        Hi,

        I had the same problem and found a simple solution by extending the Acegi AuthenticationProcessingFilterEntryPoint.commence( ) method:

        If it is an ajex request then do the XT Ajax RedirectAction
        else do the standard Acegi redirect/forward (super.commence()).

        If you are interested I can post the source.

        regards,
        Walter

        Comment


        • #5
          Hello!

          Well I didn't have time lately to implement a solution about that but yours seems very promising! I didn't think about that.
          But how do you identify an ajax request in this class?
          So yes I'm very interested by the source code

          Thank you!

          Regards,

          Guillaume
          Last edited by Chaps; May 3rd, 2007, 11:58 AM.

          Comment


          • #6
            Hello Guillaume,

            Find the source in the attached zip file.

            In fact a refactoring of the AuthenticationProcessingFilterEntryPoint class would reduce this class to a few lines. To build the redirect URL I had to copy and modify some code from the base class.

            The only change in the acegi securityContext is the new class name:
            <bean id="authenticationEntryPoint" class="util.XTAjaxAuthenticationProcessingFilterEn tryPoint">
            ...
            I hope it's useful for you.

            best regards,
            Walter

            Comment


            • #7
              That's great! Thanks a lot!
              I didn't know about this ajaxInterceptor.isAjaxRequest() method, this is why I couldn't identificate an ajaxrequest or a normal one.

              I'm going to try it right now!

              Thanks again

              Edit: Working great!
              Last edited by Chaps; May 8th, 2007, 05:03 AM.

              Comment


              • #8
                Hi again!

                Your solution is working great, the redirection is working.
                But! I still have a small problem. When I have been redirected after a timeout, and I login again, the link is:

                https://localhost:8443/EclearReporti...id=showLoading

                instead of
                https://localhost:8443/EclearReporting/transaction.do because there are all the parameters that should have been handle via ajax. So instead of having my page, I have this page:


                This XML file does not appear to have any style information associated with it. The document tree is shown below.


                <taconite-root xml:space="preserve">

                <taconite-execute-javascript parseInBrowser="true">
                <script type="text/javascript">Element.hide('pageResultsContainer');</script>
                </taconite-execute-javascript>

                <taconite-execute-javascript parseInBrowser="true">
                <script type="text/javascript">Element.show('loading');</script>
                </taconite-execute-javascript>
                </taconite-root>

                Where does acegi keep the record of the link to redirect? I tried to remove the parameter from the request object in the commence() method, but first, it is not that easy to do, and then, I'm not sure that this request object is the one that keep the record of the redirected link.

                Didn't you have this problem as well?

                Guillaume

                PS: acegi keep the request in this attribute:
                httpRequest.getSession().setAttribute(AbstractProc essingFilter.ACEGI_SAVED_REQUEST_KEY, savedRequest);
                But I still don't know how to modify it. But that's not an AJAX-XT problem anyway
                Last edited by Chaps; May 10th, 2007, 09:04 AM.

                Comment


                • #9
                  Hi,

                  You will not have this problem if you are setting "alwaysUseDefaultTargetUrl" as I do:
                  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
                  ...
                  <property name="defaultTargetUrl" value="/welcome.form"/>
                  <property name="alwaysUseDefaultTargetUrl" value="true"/>
                  </bean>
                  The drawback is that you are losing the original URL for all requests not only for ajax requests. If you cannot live with this situation then I would suppose that you have to extend the AuthenticationProcessingFilter#successfulAuthentic ation method and separate between ajax and non-ajax requests.

                  best regards,
                  Walter

                  Comment


                  • #10
                    Interesting...

                    I solved my problem by extending the SavedRequest object and modifying the method that return the full URL, this way I can do it just in the case of ajax request has I modify it in the commence() method.

                    SavedRequestWithoutParameters myRequestWithoutParameters = new SavedRequestWithoutParameters((HttpServletRequest) request,new PortResolverImpl());

                    ((HttpServletRequest)request).getSession().setAttr ibute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST _KEY, myRequestWithoutParameters);

                    But you solution might be better...

                    Thank you!
                    Last edited by Chaps; May 10th, 2007, 12:47 PM.

                    Comment


                    • #11
                      Hi,

                      I was curious about my proposed solution so I tried it out.

                      Although the implementation is a bit more complicated than I anticipated (one has to decide if the Acegi SavedRequest is an ajax request) it is working well in my environment.
                      I attached the source if you are interested.

                      And the Acegi securityContext.xml must be modified accordingly:
                      <bean id="authenticationProcessingFilter" class="util.XTAjaxAuthenticationProcessingFilter">
                      regards,
                      Walter
                      Last edited by walpod; May 11th, 2007, 11:22 AM. Reason: add config example

                      Comment


                      • #12
                        Originally posted by walpod View Post
                        Hi,

                        I was curious about my proposed solution so I tried it out.

                        Although the implementation is a bit more complicated than I anticipated (one has to decide if the Acegi SavedRequest is an ajax request) it is working well in my environment.
                        I attached the source if you are interested.

                        And the Acegi securityContext.xml must be modified accordingly:


                        regards,
                        Walter

                        Hi,
                        I have the same problem, so I tried your solution, when I do a normal request after the session expires I'm directed to XTAjaxAuthenticationProcessingFilter, but when I do the same with an ajax request it doesn't seem to enter that class, Am I missing something else?

                        Thanks,
                        Omasu

                        Comment


                        • #13
                          Originally posted by Omasu View Post
                          Hi,
                          I have the same problem, so I tried your solution, when I do a normal request after the session expires I'm directed to XTAjaxAuthenticationProcessingFilter, but when I do the same with an ajax request it doesn't seem to enter that class, Am I missing something else?

                          Thanks,
                          Omasu
                          Hi,

                          Did you configure your Ajax request url pattern in Acegi to redirect to your login screen?
                          After submitting your login user/password the XTAjaxAuthenticationProcessingFilter should be entered no matter if the original request was an ajax request or not.

                          best regards,
                          walter

                          Comment

                          Working...
                          X