LameSecurityFilters only redirects to the login form on addPost and deletePost actions (I'm not sure the latter one even exists). So if the user isn't logged in, addPostAjax just throws an NPE.
Also problematic is the lack of a login form :wink:
A potential solution for addPostAjax is for it to return a 401 if there is no 'user' object in the session. In fact, we should probably display a login link and hide the post submission form until there is a user in the session.
LameSecurityFiltersonly redirects to the login form onaddPostanddeletePostactions (I'm not sure the latter one even exists). So if the user isn't logged in,addPostAjaxjust throws an NPE.Also problematic is the lack of a login form :wink:
A potential solution for
addPostAjaxis for it to return a 401 if there is no 'user' object in the session. In fact, we should probably display a login link and hide the post submission form until there is a user in the session.