Hi all.
I have a problem with authentication and ajax combination when session is expired.
I have configured the filter chain by default and configured the security context as follows:
Code:
<http>
<intercept-url pattern="/**/*.jsp*" access="ROLE_USER" />
<intercept-url pattern="/**/*.do*" access="ROLE_USER" />
<intercept-url pattern="/jsp/index.jsp*" access="ROLE_USER" />
<intercept-url pattern="/IKUTramitWEB/jsp/index.jsp*" access="ROLE_USER" />
<intercept-url pattern="/jsp/login.jsp*" filters="none" />
<intercept-url pattern="/jsp/maqueta/**" filters="none" />
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"/>
<concurrent-session-control
max-sessions="1"
exception-if-maximum-exceeded="true"
expired-url="/j_spring_security_logout" />
<logout invalidate-session="true" logout-success-url="/jsp/login.jsp" logout-url="/j_spring_security_logout"/>
</http>
So if a user leaves the application and its session opened and came back when session has expired I get the problem.
Of course, when the user requests a new page (from the opened application) the FilterSecurityInterceptor makes a sendRedirect to but it works with the status code 200.
So if I was requesting the page with ajax (see the code below) I get that success function is proceed, and login page is rendered into a div.
Ajax code (url and div are valued parameters):
Code:
$.ajax({
type: "GET",
url: url,
success: function(result, textStatus, request){
$(div).html(result);
}
}, error: function(request){
var s = request.status + "";
switch(s) {
case "404":
$.modal("<strong>Error 404:<strong> " + url);
break;
default:
$.modal(request.responseText);
}
}
});
I'm using the 2.0.5 Release
żDo you know why do spring not change the request.status to, for instance, 401 (Unauthorized)?
żIs there anything wrong with my code?
Many thanks
Spring authentication and ajax.
