I am trying to implement form authentication in my ajax application. The problem I have is that when the session expires I get 302 code which redirects me to a login page I specified in web.xml (and it messes everything up refreshing the whole app to login page).
What I want to do is to get a "not authenticated" (401) code, then display the login form in a popup window and when the login is successful continue with what I was doing.
here is a picture of what is going on:
and the docs http://docs.oracle.com/javaee/1.4/tutorial/doc/Security5.html
basically, I want to display the popup instead of redirect to login page and then don't do the redirect to the resource but do my update in AJAX way. From what I understand it couldn't be done only on the client side since the redirect can't be avoided (see here: redirect info), I would need to write some kind of logic on the server to prevent redirect, see here for detail about doing it in IIS: IIS implementation
P.S. So far this: http://www.oracle.com/technetwork/articles/entarch/session-lifecycle-096133.html looks like the most promising way to implement it. The class is deprecated, but I can't find the new one and think it's the only way to do it for Weblogic.
