
Thread: Ajax request for secured resource not redirected to login page

  1. #1


    Hai All,
    I have implemented Acegi in my project and everything works fine until the request is an Ajax request. If a secured URL is requested through an Ajax request, it is not redirected to the login page; if it is a normal HTTP request, everything works fine.
    Can anybody help me with how this should be handled?

    Below is the code for my applicationContext.xml file......



    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans>
    
    
    <!-- Series of filters that intercept each request; FilterChainProxy applies them in the order listed. -->
    <!-- NOTE(review): channelProcessingFilter comes after formAuthenticationProcessingFilter here, so a
         login POST is processed before any channel (HTTP/HTTPS) decision is made. The Acegi reference
         guide lists ChannelProcessingFilter first in the chain so that a request arriving on the wrong
         channel is redirected before credentials are handled. -->
    
    <bean id="filterChainProxy"
    		class="org.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=httpSessionContextIntegrationFilter,logoutFilter,formAuthenticationProcessingFilter,channelProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
    			</value>
    		</property>
    	</bean>
    
    
    	<!-- Definition of channelProcessingFilter, which is named in the filterChainProxy chain. -->
    	<!-- NOTE(review): with Ant matching, /* covers every single-segment URL, which includes /login
    	     (the filterProcessesUrl of formAuthenticationProcessingFilter). REQUIRES_INSECURE_CHANNEL
    	     sends those requests over plain HTTP, so the submitted username and password and the
    	     session cookie are not protected in transit. URLs with more than one path segment match
    	     no pattern here and get no channel requirement. Prefer REQUIRES_SECURE_CHANNEL for at
    	     least the login URL and everything served to an authenticated session. -->
    
    	<bean id="channelProcessingFilter"
    			class="org.acegisecurity.securechannel.ChannelProcessingFilter">
    			<property name="channelDecisionManager">
    				<ref bean="channelDecissionManager" />
    			</property>
    			<property name="filterInvocationDefinitionSource">
    				<value>
    					CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    					PATTERN_TYPE_APACHE_ANT
    					
    					/*=REQUIRES_INSECURE_CHANNEL
    				
    				</value>
    			</property>
    		</bean>
    	
    	<!-- ............................................................................ -->
    	
    	
    	
    	
    	<!-- Definition of channelDecissionManager, referenced as a property of channelProcessingFilter. -->
    	<!-- The id is misspelled ("Decission") but matches the ref in channelProcessingFilter, so it resolves.
    	     It hands each request to the listed channel processors; in Acegi, SecureChannelProcessor acts on
    	     REQUIRES_SECURE_CHANNEL and InsecureChannelProcessor on REQUIRES_INSECURE_CHANNEL. -->
    	
    		<bean id="channelDecissionManager"
    			class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
    			<property name="channelProcessors">
    				<list>
    					<ref bean="secureChannelProcessor" />
    					<ref bean="insecureChannelProcessor" />
    				</list>
    			</property>
    		</bean>
    
    	<!-- ............................................................................. -->
    
    	<!-- Definitions of secureChannelProcessor and insecureChannelProcessor, both referenced by channelDecissionManager. -->
    	<!-- Both use their defaults (no properties set). Only the insecure one has any effect with the
    	     current channel rules, because no pattern in this file asks for REQUIRES_SECURE_CHANNEL. -->
    
    	<bean id="secureChannelProcessor"
    			class="org.acegisecurity.securechannel.SecureChannelProcessor">
    		</bean>
    		<bean id="insecureChannelProcessor"
    			class="org.acegisecurity.securechannel.InsecureChannelProcessor">
    	</bean>
    	
    	<!-- ............................................................................... -->
    
    	<!-- Definition of httpSessionContextIntegrationFilter, the first filter in the filterChainProxy chain. -->
    	<!-- In Acegi this filter restores the SecurityContext from the HTTP session at the start of a
    	     request and stores it back at the end, which is what keeps a user logged in between
    	     requests (Ajax requests included, as long as they carry the session cookie). -->
    	
    	<bean id="httpSessionContextIntegrationFilter"
    		class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
    	</bean>
    	
    	<!-- ............................................................................................ -->
    
    
    	<!-- Definition of logoutFilter, named in the filterChainProxy chain. -->
    	<!-- First constructor argument: URL the browser is sent to after logout ("/").
    	     Second constructor argument: the logout handlers to run; SecurityContextLogoutHandler
    	     clears the security context (and, by its Acegi default, invalidates the HTTP session;
    	     confirm for the version in use). No filterProcessesUrl is set, so the filter listens on
    	     its built-in default logout URL. -->
    	
    	<bean id="logoutFilter"
    		class="org.acegisecurity.ui.logout.LogoutFilter">
    		<constructor-arg  value="/" />
    		<constructor-arg >
    			<list>
    			<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
    			</list>
    		</constructor-arg>
    	</bean>
    
    	<!-- ........................................................................ -->
    	
    
    	<!-- Form login processing: credentials posted to /login are authenticated here. -->
    	<!-- /login is a single-segment URL, so the /*=REQUIRES_INSECURE_CHANNEL rule in
    	     channelProcessingFilter applies to it and the credentials travel over plain HTTP.
    	     Failed logins return to /courseoverview, which is also the login form page.
    	     NOTE(review): alwaysUseDefaultTargetUrl=false means a successful login goes back to the
    	     request that triggered the login. If that request was an Ajax call, the browser is
    	     presumably sent to the Ajax URL itself after login; verify this case. -->
    	<bean id="formAuthenticationProcessingFilter"
    		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    		<property name="filterProcessesUrl">
    			<value>/login</value>
    		</property>
    		<property name="authenticationFailureUrl">
    			<value>/courseoverview</value>
    		</property>
    		<property name="defaultTargetUrl">
    			<value>/courseoverview</value>
    		</property>
    		<property name="alwaysUseDefaultTargetUrl" value="false"></property>
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    		
    	</bean>
    
    	
    
    
    	
    	
    
    	<!-- Turns security exceptions raised further down the chain into HTTP responses. -->
    	<!-- An unauthenticated request to a secured URL is handed to authenticationEntryPoint.
    	     No accessDeniedHandler is configured, so an authenticated user without the required
    	     role gets the filter's default handling (a 403 in Acegi, as far as the defaults go;
    	     confirm for the version in use). -->
    	<bean id="exceptionTranslationFilter"
    		class="org.acegisecurity.ui.ExceptionTranslationFilter">
    		<property name="authenticationEntryPoint">
    			<ref bean="formLoginAuthenticationEntryPoint" />
    		</property>
    	</bean>
    	
    	<!-- Entry point used when an unauthenticated request hits a secured URL: by default it
    	     answers with an HTTP redirect to loginFormUrl (/courseoverview). -->
    	<!-- This is why Ajax calls appear "not redirected": XMLHttpRequest follows the redirect
    	     itself, so the script receives the /courseoverview page with status 200 instead of a
    	     signal that login is required. To give scripts a distinguishable answer, wrap this bean
    	     in a custom AuthenticationEntryPoint that sends 401 for requests the client marks as Ajax
    	     (for example with an X-Requested-With header) and delegates here otherwise. That header
    	     is client-supplied: use it only to pick the response format, never as an access decision. -->
    	<!-- forceHttps=false: the login form itself is not forced onto HTTPS. -->
    	<bean id="formLoginAuthenticationEntryPoint"
    		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    		<property name="loginFormUrl" value="/courseoverview">
    		</property>
    		<property name="forceHttps" value="false"></property>
    	</bean>
    
    	<!-- URL-level authorization: maps URL patterns to the roles allowed to request them. -->
    	<!-- NOTE(review):
    	     * Each pattern has no wildcard, so with Ant matching it covers that exact path only;
    	       /resources/anything is not matched. Add /resources/** style patterns if sub-paths exist.
    	     * URLs that match none of the patterns carry no attributes and are not secured by this
    	       interceptor, so everything not listed is reachable without login at the web layer.
    	     * "/assignmets" looks like a misspelling of "/assignments". If the controller is mapped
    	       to /assignments, that URL is unprotected here. Verify against the real mapping.
    	     * Patterns must stay lower case because of CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON. -->
    	<bean id="filterSecurityInterceptor"
    		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    		<property name="accessDecisionManager">
    			<ref bean="accessDecisionManager" />
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				
    				/resources=administrator,student
    				/assignmets=administrator,student
    				/tutorial=administrator,student
    				
    			</value>
    		</property>
    		
    	</bean>
    
    
    	
    	
    	<!-- Shared by the URL interceptor and the method interceptor. AffirmativeBased grants access
    	     when any voter grants it; allowIfAllAbstainDecisions=false denies when every voter
    	     abstains. roleVoter is the only voter. -->
    	<bean id="accessDecisionManager"
    		class="org.acegisecurity.vote.AffirmativeBased">
    		 <property name="allowIfAllAbstainDecisions" value="false"/>
    		<property name="decisionVoters">
    			<list>
    				<ref bean="roleVoter" />
    			</list>
    		</property>
    	</bean>
    	
    	<!-- Empty rolePrefix: the voter treats every configured attribute (administrator, student)
    	     as a role name and compares it with the authorities loaded for the user, so the values
    	     in the role column of userlogin must match these strings exactly. -->
    	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
    		<property name="rolePrefix" value="" />
    	</bean>
    	
    
    
    	<!-- ProviderManager tries each listed provider; only the DAO (database) provider is active.
    	     The remember-me provider is commented out, and no remember-me filter is in the chain. -->
    	<bean id="authenticationManager"
    		class="org.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref bean="daoAuthenticationProvider" />
    				<!--<ref bean="rememberMeAuthenticationProvider" />
    			--></list>
    		</property>
    	</bean>
    
    
    
    	<!-- Authenticates against the user record returned by userDetailsService. -->
    	<!-- NOTE(review): no passwordEncoder (and no saltSource) is set. Acegi's
    	     DaoAuthenticationProvider then compares the submitted password as plain text, which
    	     implies the passWord column holds clear-text passwords. Configure a hashing
    	     passwordEncoder with a salt and store only the hashes. -->
    	<bean id="daoAuthenticationProvider"
    		class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    		<property name="userDetailsService">
    			<ref bean="userDetailsService" />
    		</property>
    	</bean>
    	
    	
    		<!-- Loads users and roles from the userlogin table through the dataSource bean. -->
    		<!-- Both queries bind the user name through a ? placeholder, so the login name is passed
    		     as a parameter and not concatenated into the SQL. JdbcDaoImpl reads the result
    		     columns by position: (name, password, enabled flag) for users and (name, authority)
    		     for roles, which is the order used here. -->
    		<bean id="userDetailsService"
    		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
    		
    		
    		<property name="dataSource">
    			<ref bean="dataSource" />
    		</property>
    		<property name="authoritiesByUsernameQuery">
    			<value>
    				SELECT userName,role from userlogin where
    				userName=?
    			</value>
    		</property>
    
    		<property name="usersByUsernameQuery">
    			<value>
    				SELECT userName,passWord,active from userlogin where
    				userName=?
    			</value>
    		</property>
    	</bean>
    	
    	
    	<!-- Pooled JDBC connection. All four values are placeholders resolved by propertyConfigurer,
    	     so no database credential is written in this file. Despite its name, elenin.hostname
    	     feeds the url property and therefore has to hold a full JDBC URL. -->
    	<bean id="dataSource"
    		class="org.apache.commons.dbcp.BasicDataSource">
    		<property name="driverClassName"
    			value="${jdbc.driverClassName}" />
    		<property name="url"
    			value="${elenin.hostname}" />
    		<property name="username"
    			value="${elenin.userName}" />
    		<property name="password"
    			value="${elenin.password}" />
    	</bean>
    	
    	
    	<!-- Resolves the ${...} placeholders above from elenin.properties. -->
    	<!-- That file holds the database password: keep real values out of source control and
    	     restrict read access on the deployed file. It sits under WEB-INF, which servlet
    	     containers do not serve to clients. -->
    	<bean id="propertyConfigurer"
    		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    
    		<property name="locations">
    			<list>
    				<value>/WEB-INF/classes/elenin.properties</value>
    			</list>
    		</property>
    	</bean>
    	
    	<!-- Configuration for method-level security. -->
    	<!-- The controller is registered under the id "securedresource" so that autoProxyCreator can
    	     wrap it. Only calls that go through the resulting proxy are checked, so the web layer
    	     must obtain the controller from this context and not instantiate it separately. -->
    	
    <bean id="securedresource" class="com.rstone.controller.TutorialController"></bean>
    
      <!-- Wraps every bean named in beanNames (here only securedresource) in a proxy that runs
           securityInterceptor before each method call. -->
      <bean id='autoProxyCreator' class='org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator'>
        <property name='interceptorNames'>
          <list><value>securityInterceptor</value></list>
        </property>
        <property name='beanNames'>
          <list><value>securedresource</value></list>
        </property>
      </bean>
    
    
     <!-- Method-level authorization for TutorialController: the three listed methods require the
          administrator or student role. Methods not listed are not checked by this interceptor. -->
     <!-- NOTE(review): an Ajax call that reaches one of these methods without a login fails here
          and not at the URL interceptor, but it ends at the same exceptionTranslationFilter and
          gets the same login redirect. This layer is also the only check for any URL the URL
          patterns miss (see the "/assignmets" entry in filterSecurityInterceptor). -->
     <bean id='securityInterceptor' class='org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager' ref='authenticationManager'/>
        <property name='accessDecisionManager' ref='accessDecisionManager'/>
        <property name='objectDefinitionSource'>
          <value>
            com.rstone.controller.TutorialController.displayResources=administrator,student
            com.rstone.controller.TutorialController.displayAssignmentDetails=administrator,student
            com.rstone.controller.TutorialController.displayFile=administrator,student
          </value>
        </property>
      </bean>
    
    	<!-- ........................................................................ -->
    
    </beans>
    Last edited by mahudeeswaran; Mar 19th, 2008 at 07:13 AM. Reason: Adding extra information

  2. #2

    Default

    There are two ways of spreading the light ... Be the lamp that emits, or the mirror that reflects it
