added ajax aware PassThruAuthenticationFilter to support redirect to login page when ajax request is made while session is timed out

shiro-faces/pom.xml

@@ -36,6 +36,10 @@
             <version>${elapi.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>javax</groupId>
+            <artifactId>javaee-api</artifactId>
+        </dependency>
     </dependencies>    
      
 </project>

shiro-faces/src/main/java/de/muehlencord/shirofaces/filter/FacesAjaxAwarePassThruAuthenticationFilter.java

@@ -0,0 +1,35 @@
+package de.muehlencord.shirofaces.filter;
+
+import java.io.IOException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter;
+
+/**
+ * found at http://balusc.omnifaces.org/2013/01/apache-shiro-is-it-ready-for-java-ee-6.html#MakeShiroJSFAjaxAware)
+ * source by BalusC, adjusted to PassThruAuthenticationFilter by Joern Muehlencord
+ * @author BalusC  
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+public class FacesAjaxAwarePassThruAuthenticationFilter extends PassThruAuthenticationFilter {
+
+    private static final String FACES_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+            + "<partial-response><redirect url=\"%s\"></redirect></partial-response>";
+    
+    
+    @Override
+    protected void redirectToLogin(ServletRequest req, ServletResponse res) throws IOException {
+        HttpServletRequest request = (HttpServletRequest) req;
+
+        if ("partial/ajax".equals(request.getHeader("Faces-Request"))) {
+            res.setContentType("text/xml");
+            res.setCharacterEncoding("UTF-8");
+            res.getWriter().printf(FACES_REDIRECT_XML, request.getContextPath() + getLoginUrl());
+        }
+        else {
+            super.redirectToLogin(req, res);
+        }
+    }
+    
+}