
  • IE7 doesn't redirect to login page with Ajax request (ajax4jsf)

    I use Spring Security in my project, and when the user session expires, the Spring Security servlet filter intercepts any Ajax and HTTP request and redirects to the login URL. It works fine in all browsers except IE 7. When an Ajax request is sent to the server with the user session expired, IE7 doesn't redirect to the page. Actually it doesn't do anything; it just stays as if the Ajax response had not come back. I put <a4j:log ... to see what happened and saw the Ajax response come back, but IE7 doesn't know how to redirect to the page!
    Could someone help me? What should I do to make IE 7 change to the login page?

  • #2
    Originally posted by FernandoFranzini
    I use Spring Security in my project, and when the user session expires, the Spring Security servlet filter intercepts any Ajax and HTTP request and redirects to the login URL. It works fine in all browsers except IE 7. When an Ajax request is sent to the server with the user session expired, IE7 doesn't redirect to the page. Actually it doesn't do anything; it just stays as if the Ajax response had not come back. I put <a4j:log ... to see what happened and saw the Ajax response come back, but IE7 doesn't know how to redirect to the page!
    Could someone help me? What should I do to make IE 7 change to the login page?
    Hi, I have the same problems with IE7 and session expiration. It is really strange, and we use a workaround for this. You can implement a custom servlet filter and check whether the session has expired. If it has, you return a custom HTTP error code (e.g. 599).
    Code:
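    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class SessionTimeoutFilter implements Filter {

        public void init(FilterConfig filterConfig) throws ServletException {
            // no configuration needed
        }

        public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
                throws IOException, ServletException {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;

            // check if session is invalid
            if (isSessionInvalid(httpServletRequest)) {
                httpServletResponse.sendError(599, "Session timeout.");
                return;
            }
            filterChain.doFilter(request, response);
        }

        // true when the client sent a session id that the container no longer accepts
        private boolean isSessionInvalid(HttpServletRequest httpServletRequest) {
            return httpServletRequest.getRequestedSessionId() != null
                    && !httpServletRequest.isRequestedSessionIdValid();
        }

        public void destroy() {
            // nothing to release
        }
    }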
    You can catch this error code using the RichFaces JavaScript function:
    Code:
    A4J.AJAX.onError = function(req, status, message) {
        if (status == 599) {
            // do whatever you want, e.g. show a popup or redirect using JavaScript.
        }
    }
    I know it is a workaround, but I didn't find any better solution.
    Does anybody know a better solution?



    • #3
      The alternative solution is to extend AuthenticationProcessingFilterEntryPoint and AuthenticationProcessingFilter and analyze whether the request was Ajax or not.

      If the request is ordinary, then nothing is changed: it delegates to the super implementation.
      If the request is an Ajax request, then the entry point will send an ajax4jsf response with redirection to the login page, and the authentication processing filter will redirect to the default target URL.

      The code is something like this:
      Code:
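      import java.io.IOException;
      import java.io.OutputStreamWriter;
      import java.io.UnsupportedEncodingException;
      import java.io.Writer;

      import javax.servlet.ServletException;
      import javax.servlet.ServletRequest;
      import javax.servlet.ServletResponse;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;

      import org.ajax4jsf.renderkit.AjaxContainerRenderer;
      import org.springframework.security.AuthenticationException;
      import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;

      public class AjaxAuthenticationProcessingFilterEntryPoint extends AuthenticationProcessingFilterEntryPoint {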
      
          @Override
          public void commence(final ServletRequest request, final ServletResponse response, final AuthenticationException authException)
                  throws IOException, ServletException {
              if (isAjaxRequest(request)) {
                  commenceAjax(request, response, authException);
                  
              } else {
                  super.commence(request, response, authException);
                  
              }
          }
      
          private boolean isAjaxRequest(final ServletRequest request) {
              return null != request.getParameterMap().get(AjaxContainerRenderer.AJAX_PARAMETER_NAME);
          }
      
          private void commenceAjax(ServletRequest request, ServletResponse response, AuthenticationException authException)
                  throws IOException {
              final HttpServletRequest httpRequest = (HttpServletRequest) request;
              final HttpServletResponse httpResponse = (HttpServletResponse) response;
              final String redirectUrl = buildRedirectUrlToLoginPage(httpRequest, httpResponse, authException);
              
              sendAjaxRedirect(httpRequest, httpResponse, redirectUrl);
          }
      
          private void sendAjaxRedirect(final HttpServletRequest request, final HttpServletResponse response, 
                  final String redirectUrl) throws IOException {
              response.reset();
              // Keep cookies.
              response.setHeader(AjaxContainerRenderer.AJAX_FLAG_HEADER, "redirect");
      
              // Not caching AJAX request
              response.setHeader("Cache-Control", "no-cache, must-revalidate, max-age=0, no-store");
              response.setHeader("Expires", "0");
              response.setHeader("Pragma", "no-cache");
              response.setContentType("text/xml;charset=UTF-8");
              response.setHeader(AjaxContainerRenderer.AJAX_LOCATION_HEADER, redirectUrl);
              
              final Writer output = createResponseWriter(response, "UTF-8");
              output.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
                      + "<html xmlns=\"http://www.w3.org/1999/xhtml\"><head>" 
                      + "<meta name=\"" + AjaxContainerRenderer.AJAX_FLAG_HEADER + "\" content=\"redirect\" />" 
                      + "<meta name=\"" + AjaxContainerRenderer.AJAX_LOCATION_HEADER + "\" content=\"" + redirectUrl + "\" />"
                      + "</head></html>");
              output.flush();
              response.flushBuffer();
          }
      
          private Writer createResponseWriter(final HttpServletResponse response, String characterEncoding)
                  throws IOException, UnsupportedEncodingException {
              Writer output;
              try {
                  output = response.getWriter();
              } catch (IllegalStateException e) {
                  if (null != characterEncoding) {
                      output = new OutputStreamWriter(response.getOutputStream(), characterEncoding);
                  } else {
                      output = new OutputStreamWriter(response.getOutputStream());
                  }
              }
              return output;
          }
      }
      Code:
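      import javax.servlet.http.HttpServletRequest;

      import org.ajax4jsf.renderkit.AjaxContainerRenderer;
      import org.springframework.security.ui.AbstractProcessingFilter;
      import org.springframework.security.ui.savedrequest.SavedRequest;
      import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

      public class AjaxAuthenticationProcessingFilter extends AuthenticationProcessingFilter {

          @Override
          protected String determineTargetUrl(final HttpServletRequest request) {
              SavedRequest savedRequest = getSavedRequest(request);

              // A saved Ajax request cannot be replayed as a page, so go to the default target instead.
              if (savedRequest != null && isAjaxRequest(savedRequest)) {
                  return getDefaultTargetUrl();
              } else {
                  return super.determineTargetUrl(request);
              }
          }

          public static SavedRequest getSavedRequest(final HttpServletRequest request) {
              return (SavedRequest) request.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
          }

          private boolean isAjaxRequest(final SavedRequest request) {
              return null != request.getParameterMap().get(AjaxContainerRenderer.AJAX_PARAMETER_NAME);
          }
      }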
      Last edited by Andrei Tsibets; Dec 9th, 2008, 03:32 PM.



      • #4
        Fernando Franzini

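        I solved it in almost the same way:

        1. I did a filter that extends Spring ExceptionTranslationFilter.
        Code:
        import java.io.IOException;

        import javax.servlet.FilterChain;
        import javax.servlet.ServletException;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;

        import org.ajax4jsf.renderkit.AjaxContainerRenderer;
        import org.springframework.security.AuthenticationCredentialsNotFoundException;

        public class ExceptionCirrusAjaxTranslationFilter extends
                org.springframework.security.ui.ExceptionTranslationFilter {

            @Override
            public void doFilterHttp(HttpServletRequest req, HttpServletResponse res,
                    FilterChain fc) throws IOException, ServletException {
                // Ajax requests get a status code instead of the normal redirect handling
                if (req.getParameter(AjaxContainerRenderer.AJAX_PARAMETER_NAME) != null) {
                    try {
                        fc.doFilter(req, res);
                    } catch (Exception e) {
                        if (e instanceof AuthenticationCredentialsNotFoundException) {
                            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                        } else {
                            e.printStackTrace();
                            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        }
                    }
                } else {
                    super.doFilterHttp(req, res, fc);
                }
            }
        }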
        2. And catch it in the RichFaces Ajax callback:
        Code:
        A4J.AJAX.onError = function(req, status, message) {
            if (status == '401') {
                window.alert('Usuário não autenticado ou tempo da sessão expirado.');
            }
        };

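A client-side handler for the 599 and 401 responses used in posts #2 and #4, as an added example that is not part of any post in this thread: it normalises the status, navigates only once when several Ajax requests fail together, and passes only a validated local path back to the login page. `LOGIN_PATH`, the `next` parameter and the helper names are assumptions; the syntax is kept to what IE7 parses.

```javascript
// Added example, not code from the thread. LOGIN_PATH and the "next"
// parameter are assumed names; 599 and 401 are the codes from posts #2 and #4.
var LOGIN_PATH = '/login.jsf';
var redirecting = false; // several Ajax calls can fail at once; navigate once

// The status may arrive as a number (599) or as a string ('401').
function isSessionExpired(status) {
  var code = parseInt(status, 10);
  return code === 401 || code === 599;
}

// Accept only a local absolute path as the page to return to after login.
// "//host/..." and backslash forms are rejected: a browser would treat them
// as another origin, turning the login redirect into an open redirect.
function safeReturnPath(path) {
  if (typeof path !== 'string' || path.charAt(0) !== '/') return null;
  if (path.charAt(1) === '/' || path.indexOf('\\') !== -1) return null;
  if (/[\u0000-\u001f\u007f]/.test(path)) return null; // control characters
  return path;
}

// Returns the URL to navigate to, or null when the error is not a session
// problem and should go to the normal error handling.
function loginRedirectFor(status, pathname, search) {
  if (!isSessionExpired(status)) return null;
  var back = safeReturnPath(pathname + (search || ''));
  return back === null ? LOGIN_PATH
                       : LOGIN_PATH + '?next=' + encodeURIComponent(back);
}

// loc is a Location-like object; navigate is called at most once per page.
function handleAjaxError(status, loc, navigate) {
  var target = loginRedirectFor(status, loc.pathname, loc.search);
  if (target === null || redirecting) return false;
  redirecting = true;
  navigate(target);
  return true;
}

// Hook into Ajax4jsf only inside a page that loaded it (skipped elsewhere).
if (typeof A4J !== 'undefined' && typeof window !== 'undefined') {
  A4J.AJAX.onError = function (req, status, message) {
    handleAjaxError(status, window.location, function (url) {
      window.top.location.href = url; // leave any iframe, load the login page
    });
  };
}
```

The login page has to apply the same path check to `next` on the server before honouring it.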