Announcement Announcement Module
Collapse
No announcement yet.
Spring authentication and ajax. Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring authentication and ajax.

    Hi all.

    I have a problem with authentication and ajax combination when session is expired.

    I have configured the filter chain by default and configured the security context as follows:
    Code:
        <http>
            <intercept-url pattern="/**/*.jsp*" access="ROLE_USER" />
            <intercept-url pattern="/**/*.do*" access="ROLE_USER" />
            <intercept-url pattern="/jsp/index.jsp*" access="ROLE_USER" />
            <intercept-url pattern="/IKUTramitWEB/jsp/index.jsp*" access="ROLE_USER" />
            <intercept-url pattern="/jsp/login.jsp*" filters="none" />
            <intercept-url pattern="/jsp/maqueta/**" filters="none" />
            <form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"/>
            <concurrent-session-control
                max-sessions="1"
                exception-if-maximum-exceeded="true"
                expired-url="/j_spring_security_logout" />
            <logout invalidate-session="true" logout-success-url="/jsp/login.jsp" logout-url="/j_spring_security_logout"/>
        </http>
    So if a user leaves the application and its session opened and came back when session has expired I get the problem.

    Of course, when the user requests a new page (from the opened application) the FilterSecurityInterceptor makes a sendRedirect to
    Code:
    "/jsp/login.jsp"
    but it works with the status code 200.

    So if I was requesting the page with ajax (see the code below) I get that success function is proceed, and login page is rendered into a div.

    Ajax code (url and div are valued parameters):
    Code:
        $.ajax({
               type: "GET",
               url: url,
               success: function(result, textStatus, request){
    	                $(div).html(result);
    		        }
               }, error: function(request){
                   var s = request.status + "";
                    switch(s) {
                    case "404":
                           $.modal("<strong>Error 404:<strong> " + url);
                           break;
                    default:
                           $.modal(request.responseText);
                    }
               }
             });
    I'm using the 2.0.5 Release

    żDo you know why do spring not change the request.status to, for instance, 401 (Unauthorized)?

    żIs there anything wrong with my code?

    Many thanks
    Last edited by mtablado; Jul 28th, 2010, 11:57 AM. Reason: forgot the release.
Working...
X