You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2010/11/01 20:26:39 UTC
svn commit: r1029799 - /sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java

Author: fmeschbe
Date: Mon Nov  1 19:26:39 2010
New Revision: 1029799

URL: http://svn.apache.org/viewvc?rev=1029799&view=rev
Log:
SLING-1855 Correctly set the form action path deduced not only from
the request context path but also the actual resource the user wants
to access to make sure the form response hits the correct authentication
handler

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java?rev=1029799&r1=1029798&r2=1029799&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java Mon Nov  1 19:26:39 2010
@@ -130,7 +130,7 @@ public abstract class AbstractAuthentica
 
         form = form.replace("${resource}", getResource(request));
         form = form.replace("${j_reason}", getReason(request));
-        form = form.replace("${requestContextPath}", request.getContextPath());
+        form = form.replace("${requestContextPath}", getContextPath(request));
 
         return form;
     }
@@ -160,6 +160,35 @@ public abstract class AbstractAuthentica
     protected abstract String getReason(final HttpServletRequest request);
 
     /**
+     * Returns the context path for the authentication form request. This path
+     * includes the following parts:
+     * <ol>
+     * <li>The Servlet context path (
+     * <code>HttpServletRequest.getContextPath()</code></li>
+     * <li>The path to the authenticated resource as returned by
+     * {@link #getResource(HttpServletRequest)} (without the optional query
+     * string which may be contained in the resource path)</li>
+     * </ol>
+     *
+     * @param request The request
+     * @return The context path for the form action consisting of the request
+     *         context path and the resource to which the user is to
+     *         authenticate.
+     */
+    protected String getContextPath(final HttpServletRequest request) {
+        StringBuilder b = new StringBuilder();
+        b.append(request.getContextPath());
+        String resource = getResource(request);
+        int query = resource.indexOf('?');
+        if (query > 0) {
+            b.append(resource.substring(0, query));
+        } else {
+            b.append(resource);
+        }
+        return b.toString();
+    }
+
+    /**
      * Load the raw unmodified form from the bundle (through the class loader).
      *
      * @return The raw form as a string