Description
I am trying to build a web application with the latest possible technologies: Jakarta Faces 4.0, OIDC Jakarta Security, Elytron OIDC Client, WildFly 27.0.1, Keycloak 21.0.2 (without an adapter on WildFly).
The page works great: when I click on a secured link, it redirects me to the Keycloak server login page for my realm; there I log in and I am redirected back to the link I clicked.
The problem is when I log in, then open two tabs (with a secure URL) and then log out in the first one. In the second one, all ajax clicks don't work anymore.
I am using the OmniFaces AjaxExceptionHandler.
<factory>
    <exception-handler-factory>org.omnifaces.exceptionhandler.FullAjaxExceptionHandlerFactory</exception-handler-factory>
    <exception-handler-factory>org.omnifaces.exceptionhandler.ViewExpiredExceptionHandlerFactory</exception-handler-factory>
</factory>
The picture "Screenshot from 2023-04-16 21-45-22" shows what the request looks like when the ajax button is pressed.
In the picture "Screenshot from 2023-04-16 21-45-43" we can see the response. But because it is an ajax call, I cannot use it.
If I click on the new Location from the header (picture "Screenshot from 2023-04-16 21-45-22"), the authentication page is loaded and after a successful login I get the response:
<partial-response>
<redirect url="/marketing_view/app/customers/index.xhtml"/>
</partial-response>
On WildFly I am using a reverse proxy so that I don't have a problem with cross-site scripting when I am redirected to the auth login page from an ajax button, and I don't want to change the URL when redirecting to login.
What I am thinking is that if my session is expired and I click an ajax button, I should get <partial-response><redirect before the redirect. A redirect should not happen on ajax.
Can you tell me which component in WildFly is making the 302 response? In my project I have only <login-config><auth-method>OIDC</auth-method></login-config> and I am using Jakarta 10.
All files to setup environment:
https://drive.google.com/drive/folders/1zZjTLJCBpb2xSGEzxdeYsytav_X_BCEi?usp=sharing
Issue Links
- incorporates: WFLY-18889 org.wildfly.security.http.oidc.OidcRequestAuthenticator#loginRedirect() does not check for ajax request (Closed)
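The behaviour the description asks for, and which the title of WFLY-18889 refers to, shown as an added example (not code from WildFly, Elytron, OmniFaces or the reporter): a login challenge that answers a Faces ajax request with a `<partial-response><redirect>` document instead of a 302. The class, method names and the sample login URL are hypothetical; the only protocol detail relied on is the `Faces-Request: partial/ajax` header that the Faces client script sends.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration; all names here are hypothetical. */
public class AjaxAwareLoginChallenge {

    /** Minimal stand-in for an HTTP response: status, headers, body. */
    static final class Challenge {
        final int status;
        final Map<String, String> headers = new LinkedHashMap<>();
        String body = "";
        Challenge(int status) { this.status = status; }
    }

    /** Jakarta Faces marks its XHR posts with the header "Faces-Request: partial/ajax". */
    static boolean isFacesAjax(String facesRequestHeader) {
        return "partial/ajax".equals(facesRequestHeader);
    }

    /** Escape a value for use inside a double-quoted XML attribute. */
    static String xmlAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }

    /** Build the login challenge for an unauthenticated request. */
    static Challenge challenge(String facesRequestHeader, String loginUrl) {
        if (!isFacesAjax(facesRequestHeader)) {
            Challenge c = new Challenge(302);   // normal navigation: browser follows Location
            c.headers.put("Location", loginUrl);
            return c;
        }
        Challenge c = new Challenge(200);       // ajax: the Faces client script performs the navigation
        c.headers.put("Content-Type", "text/xml;charset=UTF-8");
        c.headers.put("Cache-Control", "no-store");
        c.body = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
               + "<partial-response><redirect url=\"" + xmlAttr(loginUrl) + "\"/></partial-response>";
        return c;
    }

    public static void main(String[] args) {
        // Constructed sample login URL (placeholder host, realm and client id).
        String login = "https://idp.example.test/realms/demo/protocol/openid-connect/auth?client_id=app&response_type=code";
        for (String header : new String[] { null, "partial/ajax" }) {
            Challenge c = challenge(header, login);
            System.out.println(c.status + " " + c.headers + " " + c.body);
        }
    }
}
```

The login URL is XML-escaped before it is written into the `url` attribute because OIDC authorization URLs contain `&`, which would otherwise make the partial response unparseable by the client script.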