You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2016/03/28 15:23:25 UTC
[jira] [Assigned] (SLING-5629) redirectAfterLogout prepends servlet
context to the target, when it's already there
[ https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler reassigned SLING-5629:
---------------------------------------
Assignee: Carsten Ziegeler
> redirectAfterLogout prepends servlet context to the target, when it's already there
> -----------------------------------------------------------------------------------
>
> Key: SLING-5629
> URL: https://issues.apache.org/jira/browse/SLING-5629
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.3.12
> Reporter: Guillaume Lucazeau
> Assignee: Carsten Ziegeler
> Fix For: Auth Core 1.3.14
>
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to AuthUtil.isRedirectValid(request, target) which expects the target to contain the servlet context path.
> When the validation is made, the call for redirection appends the servlet context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html redirects to http://localhost:8080/dev/dev/content/node1.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)