Hi,
Just wondered if there is a web filter configuration that would allow a custom HTTP status code and message to be passed to a client in the event that they are not logged in (e.g. session timeout)?

My current setup is that one set of resources has noSessionCreation, authcBasic filters enforcing basic authentication on every request (this is an external API), and another set uses authc since this is for a browser and redirects to the login page in the event the user is not logged in. However, the browser app is actually AJAX based, and in the event the user's session has timed out what happens is that I get an OK response from the server with the contents of the login page, since the browser "handles" the "302 moved temporarily" itself within the AJAX call.

Since a user must log in prior to reaching the AJAX based pages, what would be ideal is a filter on the AJAX API that doesn't have any built-in authentication mechanism (no forms, no HTTP headers) and relies on an existing session. In the event this has timed out, I would like to simply set the HTTP status on the response and perhaps the Location header to allow the AJAX client to send the browser to the login page (effectively letting the client side handle what the FormAuthenticationFilter currently does).

Is there anything existing that can do this (I will roll my own if necessary but trying to avoid reinventing the wheel)?

Regards,
Marcus.
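
A sketch of the kind of filter described above, added here as an example and not part of the original post or of any project's own code. It assumes the filter names in the post are Apache Shiro's (1.x, `javax.servlet`); the class name `AjaxSessionFilter`, the package `com.example` and the `/ajax/**` path are hypothetical.

```java
package com.example; // hypothetical package

import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * Session-only gate for an AJAX API: it never performs a login itself and
 * answers 401 instead of the 302 that authc would send.
 *
 * Assumed shiro.ini wiring (names and paths are illustrative):
 *   [main]
 *   ajaxSession = com.example.AjaxSessionFilter
 *   ajaxSession.loginUrl = /login.jsp
 *   [urls]
 *   /ajax/** = ajaxSession
 */
public class AjaxSessionFilter extends AccessControlFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request,
                                      ServletResponse response,
                                      Object mappedValue) {
        Subject subject = getSubject(request, response);
        // True only when the login happened in the current, still-valid session.
        // A remembered-but-not-authenticated subject is rejected as well.
        return subject.isAuthenticated();
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request,
                                     ServletResponse response) throws IOException {
        HttpServletResponse http = WebUtils.toHttp(response);
        // No WWW-Authenticate header is sent, so the browser shows no
        // basic-auth dialog and the AJAX callback sees the 401 directly.
        http.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // The login URL comes from server configuration, never from the
        // request, so the client cannot be steered to an arbitrary site.
        String login = WebUtils.toHttp(request).getContextPath() + getLoginUrl();
        http.setHeader("Location", login);
        http.setHeader("Cache-Control", "no-store");
        return false; // stop the chain; the protected resource is not invoked
    }
}
```

The browser does not follow `Location` on a 401, so the client-side error handler has to read the header and navigate to it itself.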
