Hi together,
i have a little problem with
JSF 2.0 and SessionTimeouts while AJAX-Requests in a JAAS secured Web Application.
Target: Redirect to Login-Page on SessionTimeouted-Ajax-Call
My idea was to implement a PhaseListener to detect if there is an SessionTimeout. The Problem in this case is: i am using JAAS to authenticate the user.
In "normal" requests, the user gets automatically redirected to the login-page if he isn't authenticated any more.
In an Ajax-Case this doesn't work of course. The Problem looks like this:
1. Ajax-Call to an page page.xhtml to do an partial rerendering
2. the security layer detects that there is no authentication, and redirect to login.xhtml
3. jsf seems not detecting this issue and gives an empty response to the ajax-caller
!on jsf side i have no chance to detect the authentication fails-redirect:
- a valid (new) session is linked before.
- - in this new Session there is no principal defined, but i can't detect any more if it is because of an initial call or an ajax-request because
> jsf gets an normal request, not declared as ajax-request
> jsf gets an normal request for the login page, not the original page
i am running out of ideas..
somebody else?
thanks a lot
Dominik.