POST /jsecurity/faces/protected/protected.xhtml HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Content-Length: 657
Faces-Request: partial/ajax
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.16 (KHTML, like Gecko) Chrome/24.0.1305.3 Safari/537.16
Content-type: application/x-www-form-urlencoded;charset=UTF-8
Accept: /
Referer: http://localhost:8080/jsecurity/faces/protected/protected.xhtml
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=E4E01F16A7CE64B758FEEF9E450AD168; ice.push.browser=1h97k1c9n; ice.connection.contextpath=/jsecurity; ice.connection.running=c63b6:acquired; ice.connection.lease=1352240589889
form=form&ice.window=5th97l2h3x&ice.view=vb6mwsp9&javax.faces.ViewState=-4214835742458922795%3A873485868798462855&javax.faces.source=form%3AcarTable&javax.faces.partial.execute=form%3AcarTable&javax.faces.partial.render=form%3AcarTable&ice.window=5th97l2h3x&ice.view=vb6mwsp9&ice.focus=&ice.event.target=&ice.event.captured=form%3AcarTable&ice.event.type=onclick&ice.event.alt=false&ice.event.ctrl=false&ice.event.shift=false&ice.event.meta=false&ice.event.x=783&ice.event.y=102&ice.event.left=false&ice.event.right=false&form%3AcarTable=form%3AcarTable&form%3AcarTable_paging=true&form%3AcarTable_rows=2&form%3AcarTable_page=2&javax.faces.partial.ajax=true
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=129E3DBF030FCA0F962BD41722D394C7; Path=/jsecurity/; HttpOnly
X-Powered-By: JSF/2.0
Cache-Control: no-cache
Content-Type: text/xml;charset=UTF-8
Content-Length: 276
Date: Tue, 06 Nov 2012 22:23:08 GMT
<?xml version='1.0' encoding='UTF-8'?>
<partial-response><changes><update id="javax.faces.ViewState"><![CDATA[8157311465288573389:-7796284620318046102]]></update><extension aceCallbackParam="validationFailed">
{"validationFailed":false}
</extension></changes></partial-response>
This does not seem to be applying authentication to the POST request, so will add the following to web.xml under <web-resource-collection>:
<http-method>GET</http-method>
<http-method>POST</http-method>
Past versions of ICEfaces would apply the non-xml response directly to the page, but this would not render correctly in some cases due to the different processing by the browser.
A better approach would be to look at the referrer or a custom header so that when the bridge detects an html ajax response, the header would be inspected, or a custom marker within the html page would be inspected, and a redirect to that page would occur. The easiest approach for the application developer is likely to put a URL marker within the login page itself.