I have an application which is based on JSF framework. The application uses siteminder for security implementation.
Siteminder intercepts the request and if session times out, stores the request, and redirects to login page. After successful authentication, user is redirected to the page where session timed out.
This is working fine except for AJAX requests. If, an AJAX request was fired by JSF, and siteminder intercepted the request and session has already timed out, siteminder stores this request and hence after successful login, throws the user to the AJAX URL and hence the response which is an XML response, is shown on the browser.
So, basically, an XML is shown on the browser which actually is an AJAX response.
Is there any way I can handle this through JSF or some changes in siteminder configuration are needed. I do not have access to the siteminder.
I was searching on Google and found a URL describing the same issue. But the guy did not get any response. I am facing the exact issue.
Anybody's got any input on this ? I am wondering I am unable to find anything on this on Google, for it should be a pretty common problem (Even if siteminder is not used and custom login implementation is done and user is redirected to the original page using this -)
If a custom implementation is done, I may strip off the query string part and store the request URI, but with siteminder, I don't find anything after Google search.
Joined: Jan 22, 2012
i have a web application that uses j_security_check for login purpose.
when session of a user time outs it is redirected to last accessed source (such as xml,html page or amf). My aim is to enable to user to redirected to the same resource(page) after login. I solved this problem by makig ajax call when submit button pressed. Here is my solution
Joined: Apr 24, 2008
Since, I am working with JSF, I do not have this option. Moreover, every single request is intercepted by siteminder, and after the authentication, the same request is fired by siteminder and hence I see XML being printed on the browser (if it was an AJAX request initiated by a4j component).