How to handle status 401 Unauthorized in up-target link?

Jan Stamer

unread,

Dec 14, 2020, 8:53:50 AM12/14/20

to unpoly

Hi,

I am pretty new to unpoly, and have a question concerning authentication and up-target links:

Problem Background:

I have a web app with a classic cookie based web session. The user logs in and uses the web app which is based on unpoly. Now the user does not work anymore so the session expires. The next time he clicks on a link that's handled by unpoly the http status 401 is returned. Now nothing happens, and that's the problem I am facing. So actually if the link would be a normal link without unpoly the server would redirect the user to the login form.

Problem/Questin in short:

How can I redirect the user to the login form when a unpoly link with "up-target" gets a result of 401 Unauthorized?

Thanks,

Jan

adam.me...@gmail.com

unread,

Dec 14, 2020, 9:42:21 AM12/14/20

to unpoly

This will be a lot better with Unpoly 2 since it allows deeper integration into responses as well as arbitrary redirects, but I can think of two possible options here:

1. Don't return 401, but rather return a redirect to the login page. Maybe do it conditionally on Unpoly requests? Set a fail target on your elements for `body` as well.

2. Set a header when setting 401 that indicates a redirect to the login page, and then setup a listener for `up:proxy:loaded`. Check for that header and then set window.location if necessary.

If you're returning 401 without setting WWW-Authenticate header, that might be hiding more issues than solving.

Jan Stamer

unread,

Dec 14, 2020, 2:24:42 PM12/14/20

to unpoly

Hi,

thanks! I figured out how to send a redirect instead and now it works smoothly. It was just a bad configuration of Spring security which caused the unfortunate behaviour.