I've solved the issue by using the WebAuthentication class mentioned here http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication inside a custom servlet. So I let the ejb method security take over the security aspect and don't have the web container manage any protected pages. When a session expires the overridden onExpired event gets called and I can redirect the user to a login page.
We are using Richfaces 3.1.5.GA on a WebSphere 6.0 Server. J2EE Security is activate.
If the security token times out, WebSphere redirects to the login page (this means WebSphere sends a 302 to login page as response to a http post).
If this is caused by an AJAX request, richfaces does not do anything to handle this error. We expected richfaces to call the A4J.AJAX.onError or A4J.AJAX.onExpired functions, but nothing happens.
Is there a possibility to handle these errors in richfaces?