Hi,
we are implementing an application using GWT2.1 + Spring security 3.0.
We use a SSO Kerberos authentication, if this fails, user can still
log in through a login page.
Our basic configuration is something like this:
<sec:http entry-point-ref="entryPoint">
<sec:session-management invalid-session-url="/login.jsp" />
<sec:intercept-url pattern="/login.jsp*" filters="none" />
<sec:intercept-url pattern="/images/*" filters="none" />
<sec:intercept-url pattern="/css/*" filters="none" />
<sec:intercept-url pattern="/*" access="IS_AUTHENTICATED_FULLY" />
<sec:custom-filter ref="spnegoProcessingFilter"
position="BASIC_AUTH_FILTER" />
<sec:form-login login-page="/login.jsp" default-target-url="/
Portal.html" always-use-default-target="false" authentication-failure-
url="/login.jsp?login_error" />
<sec:logout logout-success-url="/login.jsp?logout" invalidate-
session="true" />
</sec:http>
The authentication process works fine. Our problem is, how to deal
with the session time-out. SpringSecurity recognizes the the session
is invalid and calls in the filter chain a DefaultRedirectStrategy-
>response.redirect("/login.jsp"), how expected. But the redirect gets
lost and nothing happens. The user has to restart the browser or
recall the login URL by him self.
I read somewhere, that redirects are ignored by the GWT client, but
I'm not sure with this.
Any idea how to handle session-timeouts in GWT or how to make filter
redirects work for GWT clients?
Thanks for any advice,
Andrej
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
