DWR

DWR should expose Security Error

Details

  • Type: Improvement
  • Status: Open
  • Priority: Minor
  • Resolution: Unresolved
  • Affects Version/s: 2.0.2
  • Fix Version/s: 4.0
  • Component/s: Engine
  • Description:
    During a DWR Request, if the server side redirects to another host (for instance, an Acegi Filter that would redirect the user to the SSO authentication form), DWR gets a Security Error but does not expose it in a way that can be caught by an ErrorHandler.

    Firefox would thus display something like this in its console:

    uncaught exception: Security Error: Content at http://myHost:8080/home.do may not load data from http://anotherhost.com
    callback("anydata")home.do (line 85)
    _remoteHandleCallback("1", "0", "anydata")engine.js (line 913)
    _eval("\r\n//#DWR-INSERT\r\n//#DWR-REPLY\r\ndwr.engine._remoteHandleCallback('1','0',"anydata")engine.js (line 978)
    _stateChange(Object map=Object charsProcessed=0 paramCount=0)engine.js (line 867)
    onreadystatechange()

    Regards,
    Sami

Activity

Stewart Stevens added a comment - 04/Dec/07 8:11 PM

My workaround was to add a filter applying to all DWR URLs that checked the authentication and, in the event of failure, rather than proceeding with the normal redirect, returned a 401, which can then be caught by the DWR code on the client and handled there (in my case simply by doing a page refresh, as this will then cause a redirect to my CAS).


Dates

  • Created: 12/Nov/07 3:22 PM
  • Updated: 23/Dec/10 9:54 PM