Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2014/03/10 10:56:43 UTC

[jira] [Commented] (SLING-3443) Parameter based redirection in FormAuthenticationHandler should not handle absolute urls

    [ https://issues.apache.org/jira/browse/SLING-3443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13925608#comment-13925608 ] 

Carsten Ziegeler commented on SLING-3443:
-----------------------------------------

Thanks for your patch, I've applied a slightly modified version which also replaces the usage of deprecated API.
The basic difference is that AuthUtil.sendRedirect is not used to do the redirect, as this one always at least adds the login resource parameter, which I think is wrong as the authentication was successful. The original code did not add any parameter to the redirect, so I think we should keep it like this.

> Parameter based redirection in FormAuthenticationHandler should not handle absolute urls
> ----------------------------------------------------------------------------------------
>
>                 Key: SLING-3443
>                 URL: https://issues.apache.org/jira/browse/SLING-3443
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Form Based Authentication 1.0.2
>            Reporter: Ravi Teja
>            Priority: Critical
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Suppose your login url is: http://blah/blah?resource=http://www.google.com
> Then after login succeeds, user would be redirected to http://www.google.com
> Will be submitting a pull request for this.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
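
The check the issue title asks for, as an added example that is not part of the original message and is not the code applied to Sling: a post-login redirect target taken from the "resource" parameter is accepted only when it is a server-relative path. The class name, method names and the "/" fallback are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectTargetCheck {

    // Hypothetical fallback used when the requested target is rejected.
    static final String DEFAULT_TARGET = "/";

    /** Returns true only for a server-relative path such as /content/home.html. */
    static boolean isLocalTarget(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")) {
            // null, empty, relative, absolute (http://...) or protocol-relative (//host)
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                // Backslashes can be normalised to "/" by browsers; control
                // characters (CR/LF) have no place in a Location header.
                return false;
            }
        }
        try {
            URI uri = new URI(target);
            // A parsed scheme or authority means the browser would leave this host.
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /** Target to redirect to after a successful login. */
    static String safeTarget(String requested) {
        return isLocalTarget(requested) ? requested : DEFAULT_TARGET;
    }

    public static void main(String[] args) {
        // Constructed sample values for the "resource" request parameter.
        String[] samples = {
            "/content/home.html",     // local path
            "http://www.google.com",  // the absolute URL from the issue description
            "//www.google.com",       // protocol-relative form of the same target
            "content/home.html"       // relative path, rejected for simplicity
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s));
        }
    }
}
```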