Problem between XT-Ajax and acegi when the session timeout

[Chaps]

Hi!

I have a little problem here. I'm using acegi for the security part of my project, and XT-Ajax to call some actions.

A problem occurs when the session timeout. When a called the action, acegi is suppose to redirect to the login page, but because I'm calling the action using ajax, nothing happens.

Here is the code to set the timeout:

Code:

<session-config>
        <session-timeout>1</session-timeout>
    </session-config>

The action is called using: XT.doAjaxSubmit("validate",document.forms[0]);

Here is the stacktrace:
http://www.chaps.talktalk.net/trace.txt

So it seems that everything went fine, but nothing happens, the user is not redirected.

Any idea? Is it possible to redirect to another page when using ajax?

Guillaume

[sbtourist]

I have a little problem here. I'm using acegi for the security part of my project, and XT-Ajax to call some actions.
A problem occurs when the session timeout. When a called the action, acegi is suppose to redirect to the login page, but because I'm calling the action using ajax, nothing happens.
[CUT]
Is it possible to redirect to another page when using ajax?

Hi Guillaume,

the problem is that you cannot do a normal redirect when using Ajax, so you cannot use standard Acegi redirect capabilities when doing Ajax calls.

The RedirectAction (https://springmodules.dev.java.net/s...ectAction.html) is the standard way to do redirects in XT Ajax.
In order to integrate the RedirectAction with Acegi, you can code an HttpServlet that outputs the content of the action, and make Acegi point to this servlet.

Is it clear enough?

I know it is a kind of hack: I plan to solve it better in the near future ( XT Ajax is just 0.8 ).

Let us know how is it.
Cheers,

Sergio B.

[Chaps]

"In order to integrate the RedirectAction with Acegi, you can code an HttpServlet that outputs the content of the action, and make Acegi point to this servlet."

I'm not sure I understand :P But I will try something like that. I'm not it's a problem yet, but I don't only ajax action that can cause a session timeout.

Thank you, I'll come back to you as soon as I have something

[walpod]

Hi,

I had the same problem and found a simple solution by extending the Acegi AuthenticationProcessingFilterEntryPoint.commence( ) method:

If it is an ajex request then do the XT Ajax RedirectAction
else do the standard Acegi redirect/forward (super.commence()).

If you are interested I can post the source.

regards,
Walter

[Chaps]

Hello!

Well I didn't have time lately to implement a solution about that but yours seems very promising! I didn't think about that.
But how do you identify an ajax request in this class?
So yes I'm very interested by the source code

Thank you!

Regards,

Guillaume

[walpod]

Hello Guillaume,

Find the source in the attached zip file.

In fact a refactoring of the AuthenticationProcessingFilterEntryPoint class would reduce this class to a few lines. To build the redirect URL I had to copy and modify some code from the base class.

The only change in the acegi securityContext is the new class name:

<bean id="authenticationEntryPoint" class="util.XTAjaxAuthenticationProcessingFilterEn tryPoint">
...

I hope it's useful for you.

best regards,
Walter

[Chaps]

That's great! Thanks a lot!
I didn't know about this ajaxInterceptor.isAjaxRequest() method, this is why I couldn't identificate an ajaxrequest or a normal one.

I'm going to try it right now!

Thanks again

Edit: Working great!

[Chaps]

Hi again!

Your solution is working great, the redirection is working.
But! I still have a small problem. When I have been redirected after a timeout, and I login again, the link is:

https://localhost:8443/EclearReporti...id=showLoading

instead of
https://localhost:8443/EclearReporting/transaction.do because there are all the parameters that should have been handle via ajax. So instead of having my page, I have this page:


This XML file does not appear to have any style information associated with it. The document tree is shown below.

−
<taconite-root xml:space="preserve">
−
<taconite-execute-javascript parseInBrowser="true">
<script type="text/javascript">Element.hide('pageResultsContainer');</script>
</taconite-execute-javascript>
−
<taconite-execute-javascript parseInBrowser="true">
<script type="text/javascript">Element.show('loading');</script>
</taconite-execute-javascript>
</taconite-root>

Where does acegi keep the record of the link to redirect? I tried to remove the parameter from the request object in the commence() method, but first, it is not that easy to do, and then, I'm not sure that this request object is the one that keep the record of the redirected link.

Didn't you have this problem as well?

Guillaume

PS: acegi keep the request in this attribute:
httpRequest.getSession().setAttribute(AbstractProc essingFilter.ACEGI_SAVED_REQUEST_KEY, savedRequest);
But I still don't know how to modify it. But that's not an AJAX-XT problem anyway

[walpod]

Hi,

You will not have this problem if you are setting "alwaysUseDefaultTargetUrl" as I do:

<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationP rocessingFilter">
...
<property name="defaultTargetUrl" value="/welcome.form"/>
<property name="alwaysUseDefaultTargetUrl" value="true"/>
</bean>

The drawback is that you are losing the original URL for all requests not only for ajax requests. If you cannot live with this situation then I would suppose that you have to extend the AuthenticationProcessingFilter#successfulAuthentic ation method and separate between ajax and non-ajax requests.

best regards,
Walter

[Chaps]

Interesting...

I solved my problem by extending the SavedRequest object and modifying the method that return the full URL, this way I can do it just in the case of ajax request has I modify it in the commence() method.

SavedRequestWithoutParameters myRequestWithoutParameters = new SavedRequestWithoutParameters((HttpServletRequest) request,new PortResolverImpl());

((HttpServletRequest)request).getSession().setAttr ibute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST _KEY, myRequestWithoutParameters);

But you solution might be better...

Thank you!