Hi Shishir > When the session expires, the login screen comes up (if I try > to click some link). However, it tries to redirect me (as it > should) to the page that I was trying to access. Since I was > storing some objects in the session to display in this new > page, they are no longer there since this is a new session. > > This results in a null pointer kind of exception.... > > > Is there a way to force the URL redirection to the > defaultTargetUrl or any other page rather than the one that > is stored in AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY. > > Say for certain pages, I always want the user to be > redirected to the base page from where they can start again. > > Is this something that is not security related ? > > If not, then I guess I will have to handle these programmatically.
No, you can't do that directly within Acegi Security. A fundamental problem is how Acegi Security would differentiate between a legitimate first request for the secured resource in which ACEGI_SECURITY_TARGET_URL_KEY should be honoured, versus an exired request that should have its ACEGI_SECURITY_TARGET_URL_KEY ignored. I guess we could have a boolean "ignoreRedirectUrl", which if true always redirects to defaultTargetUrl. Would this be of interest to others? I'd suggest writing a filter that ensures valid objects exist in the session. If they don't exist, either redirect to the start page or create them on-the-fly. HTH Ben ------------------------------------------------------- This SF.Net email is sponsored by: GNOME Foundation Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event. GNOME Users and Developers European Conference, 28-30th June in Norway http://2004/guadec.org _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
