Joined: 17/Aug/2011 10:08:42
I'm experiencing a problem with session timeouts:
Due to some specific security requriements, we have to handle page access control not via J2EE <security-constraints>, but through an explicit Security Servlet-Filter that checks whether the user has the approriate access rights.
If not, the user is redirected to a login-page.
This works perfect in standard J2EE-applications, however with ICE-Faces / Ajax it seems no create problems:
Pushing a Button after Session expiration, causes the Security-Filter to redirect (http-Status 307) the java-script-Request to the internal login-page, which seems to be misinterpreted by the calling java-script. The page get's stuck.
The logfile shows this problem:
2011-10-28 13:20:19,965 DEBUG [XXX.login.servlet.filter.SecLoginFilter] - access to protected resource 'XXX_Plattform_WebApp/faces/ui/admin/StatusMaintenance.xhtml' requires authentication.
2011-10-28 13:20:19,965 DEBUG [XXX.login.servlet.filter.SecLoginFilter] - serviceAuthorizeRequest() - redirect to: https://localhost:8443/XXX_Plattform_WebApp/faces/login/login.xhtml?faces-redirect=true&redir=%2FXXX_Plattform_WebApp%2Ffaces%2Fui%2Fadmin%2FStatusMaintenance.xhtml
My expectation would have been, that ICEFaces could deal with this situation, but it seems not.
I have no clue, how to resolve this problem.
Any hint is appreciated.