LameSecurityFilters only redirects to the login form on addPost and deletePost actions (I'm not sure the latter one even exists). So if the user isn't logged in, addPostAjax just throws an NPE.
Also problematic is the lack of a login form :wink:
A potential solution for addPostAjax is for it to return a 401 if there is no 'user' object in the session. In fact, we should probably display a login link and hide the post submission form until there is a user in the session.
LameSecurityFilters
only redirects to the login form onaddPost
anddeletePost
actions (I'm not sure the latter one even exists). So if the user isn't logged in,addPostAjax
just throws an NPE.Also problematic is the lack of a login form :wink:
A potential solution for
addPostAjax
is for it to return a 401 if there is no 'user' object in the session. In fact, we should probably display a login link and hide the post submission form until there is a user in the session.