You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/06/10 10:13:21 UTC
[jira] [Commented] (SLING-5629) redirectAfterLogout prepends
servlet context to the target, when it's already there
[ https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15324173#comment-15324173 ]
ASF GitHub Bot commented on SLING-5629:
---------------------------------------
Github user glucazeau closed the pull request at:
https://github.com/apache/sling/pull/132
> redirectAfterLogout prepends servlet context to the target, when it's already there
> -----------------------------------------------------------------------------------
>
> Key: SLING-5629
> URL: https://issues.apache.org/jira/browse/SLING-5629
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.3.12
> Reporter: Guillaume Lucazeau
> Assignee: Carsten Ziegeler
> Fix For: Auth Core 1.3.14
>
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to AuthUtil.isRedirectValid(request, target) which expects the target to contain the servlet context path.
> When the validation is made, the call for redirection appends the servlet context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html redirects to http://localhost:8080/dev/dev/content/node1.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)