You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Guillaume Lucazeau (JIRA)" <ji...@apache.org> on 2016/03/24 16:32:25 UTC

[jira] [Updated] (SLING-5629) redirectAfterLogout prepends servlet context to the target, when it's already there

     [ https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Guillaume Lucazeau updated SLING-5629:
--------------------------------------
    Summary: redirectAfterLogout prepends servlet context to the target, when it's already there  (was: redirectAfterLogout appends servlet context to the target, when it's already there)

> redirectAfterLogout prepends servlet context to the target, when it's already there
> -----------------------------------------------------------------------------------
>
>                 Key: SLING-5629
>                 URL: https://issues.apache.org/jira/browse/SLING-5629
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.12
>            Reporter: Guillaume Lucazeau
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to AuthUtil.isRedirectValid(request, target) which expects the target to contain the servlet context path.
> When the validation is made, the call for redirection appends the servlet context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html redirects to http://localhost:8080/dev/dev/content/node1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)