This code I took from BalusC fixed the issue for me (JAAS j_security_check on Glassfish); all AJAX calls that occur after session timeout are redirected to login page.davidfdr wrote: In my case the page is protected with JAAS (JBOSS AS 7 + PRIMEFACES 4).
I was unable to build a filter to handle ajax requests and check if the user is logged in (pre filter j_security_check).
The response from ajax calls:With this I can 't handle the redirec to the login page....Code: Select all
<?xml version='1.0' encoding='UTF-8'?> <partial-response><changes><update id="javax.faces.ViewState"><![CDATA[-5436816145615382846:4622433328007168648]]></update></changes></partial-response>
Code: Select all
import java.io.IOException;
import javax.faces.FacesException;
import javax.faces.context.FacesContext;
import javax.faces.event.PhaseEvent;
import javax.faces.event.PhaseId;
import javax.faces.event.PhaseListener;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
/**
* does redirect to login page in case of session timeout on ajax request
*
*/
public class AjaxLoginListener implements PhaseListener {
@Override
public PhaseId getPhaseId() {
return PhaseId.RESTORE_VIEW;
}
@Override
public void beforePhase(PhaseEvent event) {
// do nothing
}
@Override
public void afterPhase(PhaseEvent event) {
FacesContext context = event.getFacesContext();
HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
String originalURL = (String) request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI);
String loginURL = request.getContextPath() + "/faces/loginForm.xhtml";
if (context.getPartialViewContext().isAjaxRequest() && originalURL != null && loginURL.equals(request.getRequestURI())) {
try {
context.getExternalContext().redirect(originalURL);
} catch (IOException e) {
throw new FacesException(e);
}
}
}
}
Code: Select all
<?xml version='1.0' encoding='UTF-8'?>
<faces-config version="2.1"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd">
<lifecycle>
<phase-listener>your.package.name.AjaxLoginListener</phase-listener>
</lifecycle>
</faces-config>