Marte - this is absolutely wonderful. I was able to adapt this for my hobby application that is hosted in Glassfish with form based authentication. A few changes I had to make:
- In my development environment, my Ext-JS project is under a different web-app name than my JAX-RS project. I pass this as a relative query parameter to my application and have a JS class to handle this and use this to configure the proxies. As such I had to ensure the same web-app as the server was used for the action of the authentication form.
- Instead of just reading the json (which is what I did originally) I instead had it also check for the existence of a 'action="j_security_check"' string and if so set the authentication to true. This allows me to continue to use my nicely formatted HTML login for other applications (or hitting the web services directly from a browser outside of my Ext-JS app).
- I had to change the loadMask code to the following since isVisible( ) was returning false even though it was shown. Strangely enough isHidden( ) was returning the proper response.
I will need to modify the login dialog, but that is straight forward. Thanks for working this out.....
if( loadMask && !loadMask.isHidden() )
The other strange thing I am seeing.... my JAX-RS services only accept application/json or html/xml, application/xml content types. When I send the credentials to the server with the j_security_check action, it comes back with a 302 "Temporarily Moved" response and it appears the browser is doing a GET using the content type of security POST (which is x-www-form-urlencoded) causing a 415 Unaccepted Content Type to be raised by my webservices (even if I am doing a POST operation) and then immediately the proper POST is fired with the correct content-types (this proper post I believe is coming from the callback rolloff on the Ajax operations). I am not sure where the GET is coming from (as it is not hitting breakpoints in the .js) leading me to suspect it is a browser request. Have you seen this?
Using EXT 4.1.1