mraible/j_security_check.patch

## j_security_check.patch
Index: src/main/webapp/login.jsp
===================================================================
--- src/main/webapp/login.jsp	(revision 64b117c649d5b11a16c312d3b02e68f409294945)
+++ src/main/webapp/login.jsp	(revision )
@@ -43,9 +43,12 @@

     $("#login").live('click', function(e) {
         e.preventDefault();
-        $.ajax({url: getHost() + "${ctx}/api/login.json",
+        $.ajax({url: getHost() + "${ctx}/j_security_check",
             type: "POST",
             data: $("#loginForm").serialize(),
+            beforeSend: function (xhr) {
+                xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+            },
             success: function(data, status) {
                 if (data.loggedIn) {
                     // success
Index: src/main/webapp/WEB-INF/security.xml
===================================================================
--- src/main/webapp/WEB-INF/security.xml	(revision 64b117c649d5b11a16c312d3b02e68f409294945)
+++ src/main/webapp/WEB-INF/security.xml	(revision )
@@ -13,7 +13,8 @@
         <intercept-url pattern="/app/users" access="ROLE_ADMIN" requires-channel="https"/>
         <intercept-url pattern="/app/**" access="ROLE_ADMIN,ROLE_USER" requires-channel="any"/>
         <form-login login-page="/login" authentication-failure-url="/login?error=true"
-                    login-processing-url="/j_security_check"/>
+                    login-processing-url="/j_security_check"
+                    authentication-success-handler-ref="ajaxAuthenticationHandler"/>
         <logout logout-url="/logout"/>
         <session-management session-fixation-protection="newSession" >
             <concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
@@ -34,6 +35,13 @@
         <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
     </global-method-security>

+    <beans:bean id="ajaxAuthenticationHandler" class="org.appfuse.examples.web.AjaxAuthenticationSuccessHandler">
+        <beans:constructor-arg ref="defaultSuccessHandler"/>
+    </beans:bean>
+
+    <beans:bean id="defaultSuccessHandler"
+                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"/>
+
     <!-- Override userSecurityAdvice bean in appfuse-service to allow any role to update a user. -->
     <beans:bean id="userSecurityAdvice" class="org.appfuse.examples.web.UserSecurityAdvice"/>
 </beans:beans>
\ No newline at end of file
Index: src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java
===================================================================
--- src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java	(revision )
+++ src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java	(revision )
@@ -0,0 +1,30 @@
+package org.appfuse.examples.web;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class AjaxAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+    private AuthenticationSuccessHandler defaultHandler;
+
+    public AjaxAuthenticationSuccessHandler(AuthenticationSuccessHandler defaultHandler) {
+        this.defaultHandler = defaultHandler;
+    }
+
+    public void onAuthenticationSuccess(HttpServletRequest request,
+                                        HttpServletResponse response,
+                                        Authentication auth)
+            throws IOException, ServletException {
+        System.out.println("in AjaxAuthenticationSuccessHandler");
+        if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
+            response.getWriter().print("ok");
+            response.getWriter().flush();
+        } else {
+            defaultHandler.onAuthenticationSuccess(request, response, auth);
+        }
+    }
+}
	Index: src/main/webapp/login.jsp
	===================================================================
	--- src/main/webapp/login.jsp (revision 64b117c649d5b11a16c312d3b02e68f409294945)
	+++ src/main/webapp/login.jsp (revision )
	@@ -43,9 +43,12 @@

	$("#login").live('click', function(e) {
	e.preventDefault();
	- $.ajax({url: getHost() + "${ctx}/api/login.json",
	+ $.ajax({url: getHost() + "${ctx}/j_security_check",
	type: "POST",
	data: $("#loginForm").serialize(),
	+ beforeSend: function (xhr) {
	+ xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
	+ },
	success: function(data, status) {
	if (data.loggedIn) {
	// success
	Index: src/main/webapp/WEB-INF/security.xml
	===================================================================
	--- src/main/webapp/WEB-INF/security.xml (revision 64b117c649d5b11a16c312d3b02e68f409294945)
	+++ src/main/webapp/WEB-INF/security.xml (revision )
	@@ -13,7 +13,8 @@
	<intercept-url pattern="/app/users" access="ROLE_ADMIN" requires-channel="https"/>
	<intercept-url pattern="/app/**" access="ROLE_ADMIN,ROLE_USER" requires-channel="any"/>
	<form-login login-page="/login" authentication-failure-url="/login?error=true"
	- login-processing-url="/j_security_check"/>
	+ login-processing-url="/j_security_check"
	+ authentication-success-handler-ref="ajaxAuthenticationHandler"/>
	<logout logout-url="/logout"/>
	<session-management session-fixation-protection="newSession" >
	<concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
	@@ -34,6 +35,13 @@
	<protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
	</global-method-security>

	+ <beans:bean id="ajaxAuthenticationHandler" class="org.appfuse.examples.web.AjaxAuthenticationSuccessHandler">
	+ <beans:constructor-arg ref="defaultSuccessHandler"/>
	+ </beans:bean>
	+
	+ <beans:bean id="defaultSuccessHandler"
	+ class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"/>
	+
	<!-- Override userSecurityAdvice bean in appfuse-service to allow any role to update a user. -->
	<beans:bean id="userSecurityAdvice" class="org.appfuse.examples.web.UserSecurityAdvice"/>
	</beans:beans>
	\ No newline at end of file
	Index: src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java
	===================================================================
	--- src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java (revision )
	+++ src/main/java/org/appfuse/examples/web/AjaxAuthenticationSuccessHandler.java (revision )
	@@ -0,0 +1,30 @@
	+package org.appfuse.examples.web;
	+
	+import org.springframework.security.core.Authentication;
	+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
	+
	+import javax.servlet.ServletException;
	+import javax.servlet.http.HttpServletRequest;
	+import javax.servlet.http.HttpServletResponse;
	+import java.io.IOException;
	+
	+public class AjaxAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
	+ private AuthenticationSuccessHandler defaultHandler;
	+
	+ public AjaxAuthenticationSuccessHandler(AuthenticationSuccessHandler defaultHandler) {
	+ this.defaultHandler = defaultHandler;
	+ }
	+
	+ public void onAuthenticationSuccess(HttpServletRequest request,
	+ HttpServletResponse response,
	+ Authentication auth)
	+ throws IOException, ServletException {
	+ System.out.println("in AjaxAuthenticationSuccessHandler");
	+ if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
	+ response.getWriter().print("ok");
	+ response.getWriter().flush();
	+ } else {
	+ defaultHandler.onAuthenticationSuccess(request, response, auth);
	+ }
	+ }
	+}