The problem is described below:
Once the user logs in successfully, he can do anything he wants without a problem. However, if the user is idle for a long time until the session times out and he comes back to click on the ItsNat document, ItsNat will send an Ajax request to the server for processing. Shiro at this moment detects the unauthenticated request because the previous session expired, and it will redirect to the login page. However, redirecting the Ajax request to the login page will not cause the browser to really go to the login page. The symptom is that the browser looks as if it has hung, without any response to the user's actions.
itsNatServlet.addEventListener(new SPITutGlobalEventListener());
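import org.itsnat.core.ClientDocument;
import org.itsnat.core.event.ItsNatEvent;
import org.w3c.dom.events.Event;
import org.w3c.dom.events.EventListener;

public class SPITutGlobalEventListener implements EventListener {
    public SPITutGlobalEventListener() { }

    public void handleEvent(Event evt) {
        ItsNatEvent itsNatEvt = (ItsNatEvent)evt;
        // A null target document means the server-side document is gone (session expired)
        if (itsNatEvt.getItsNatDocument() == null) {
            StringBuilder code = new StringBuilder();
            code.append("if (confirm('Expired session. Reload?'))");
            code.append(" window.location.reload(true);");
            // Send the JS to the browser through the ClientDocument
            ClientDocument clientDoc = itsNatEvt.getClientDocument();
            clientDoc.addCodeToSend(code.toString());
            // Stop further listeners from processing this event
            itsNatEvt.getItsNatEventListenerChain().stop();
        }
    }
}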
Of course, the previous code is just an example; you can force a redirection to a concrete page.
Regards
itsNatServlet.addEventListener(new SPITutGlobalEventListener());
registers a global AJAX listener; all Ajax requests are always dispatched to this listener. When the session has expired, all of the user's ItsNatDocuments are lost, which is why the event returns null for the target document; this is the way to detect that the web session is lost (strictly, the target ItsNat doc is lost on the server, but in practice this is due to the session expiring). Remember that this is the processing of an Ajax request, which is why the redirection is done with JS code and using the ClientDocument object, which represents the client browser in spite of there being no ItsNatDocument counterpart.
Thanks Jose for your suggestion.
In fact, the ItsNat servlet can only be processed after the Shiro auth filter. Therefore, session detection in this case is useless unless Shiro is not applied.
Finally, I found that a solution is to set a filter before the Shiro auth filter to check whether the user is authenticated. If the session has expired, the user becomes unauthenticated. My filter will send JavaScript to the client browser to redirect the location to the login page.
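A sketch of the filter approach described in the last message, as an added example that is not code from the thread or from the ItsNat or Shiro projects. The class name, the `/login.jsp` path, the URL pattern and the `itsnat_action=event` check for recognising an ItsNat Ajax event are assumptions; the script body is sent as the Ajax response, as the post describes.

```java
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.web.filter.PathMatchingFilter;

// Added example (hypothetical class name). Declare it in shiro.ini ahead of authc,
// e.g.  /itsnat/** = ajaxExpired, authc   (the URL pattern is an assumption).
public class AjaxSessionExpiredFilter extends PathMatchingFilter {

    // Fixed, server-side value: never build the redirect target from request input.
    private String loginPath = "/login.jsp"; // assumption: path of the login page

    public void setLoginPath(String loginPath) { this.loginPath = loginPath; }

    @Override
    protected boolean onPreHandle(ServletRequest req, ServletResponse res, Object mappedValue)
            throws IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Authenticated users and ordinary page loads continue; authc redirects page loads.
        if (SecurityUtils.getSubject().isAuthenticated() || !isItsNatAjax(request)) {
            return true;
        }
        // Expired session plus Ajax: answer with script instead of a 302 the browser ignores.
        response.setContentType("text/javascript;charset=UTF-8");
        response.setHeader("Cache-Control", "no-store");
        String target = request.getContextPath() + loginPath;
        response.getWriter().write("window.location.href='" + escapeJs(target) + "';");
        return false; // stop the chain: authc and the ItsNat servlet never run
    }

    // Assumption: ItsNat event requests carry itsnat_action=event; confirm in your traffic.
    static boolean isItsNatAjax(HttpServletRequest request) {
        return "event".equals(request.getParameter("itsnat_action"));
    }

    // Escapes characters that could end the JS string literal or open markup.
    static String escapeJs(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '\'' || c == '"' || c == '\\' || c == '<' || c == '>' || c < 0x20) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}
```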