Hi Marte -
I just tested the extension and did not have the beginner's luck the first time through
When the browser send an AJAX POST request from an extJS store load:
I can see the XHR header being sent by the browser. However as soon as the J2EE server on the backend notices that the request is unauthenticated, it looks at the form login descriptor in web.xml
POST /webmin/jsp/itables/usr-json.jsp HTTP/1.1
and issues a redirect (302) to the /auth page. At that point the browser follows the redirect and sends an /auth request to the J2EE server and drops the XHR header! Now the J2EEAuthServlet does not have any way of knowing that the request was an Ajax request so it sends the ordinary login.jsp page back instead of a JSON authRequest. That messes up the JSON request royally.
My question is without modifying the guts of the J2EE server's form auth mechanism how can we avoid the 302 redirect trap ? Since the redirection to /auth page is coming from within J2EE server, its too late for J2EEAuthServlet to intercept the Ajax X-Requested-With header.
How did this work for you?