You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/07/05 20:12:50 UTC

[jira] Created: (SLING-1588) form auth can create an endless redirect loop

form auth can create an endless redirect loop
---------------------------------------------

                 Key: SLING-1588
                 URL: https://issues.apache.org/jira/browse/SLING-1588
             Project: Sling
          Issue Type: Bug
          Components: Extensions
            Reporter: Justin Edelson
            Priority: Critical
             Fix For: Extensions Form Based Authentication 1.0.0


Steps to reproduce (I'm sure there's more than one way to reproduce this):

* Take trunk launchpad and add formauth bundle
* Set service.ranking of FormAuthenticationHandler to > 0

Then...
curl -v -b sling.formauth=garbage http://localhost:8888/index.html

redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT

so try this url:

curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT

which redirects to:

http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT

requesting that url with a garbage cookie redirects again and again and again...

workaround is to enable the "Include Form" option. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (SLING-1588) form auth can create an endless redirect loop

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger closed SLING-1588.
------------------------------------


Close after release

> form auth can create an endless redirect loop
> ---------------------------------------------
>
>                 Key: SLING-1588
>                 URL: https://issues.apache.org/jira/browse/SLING-1588
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Justin Edelson
>            Priority: Critical
>             Fix For: Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and again...
> workaround is to enable the "Include Form" option. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (SLING-1588) form auth can create an endless redirect loop

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger updated SLING-1588:
-------------------------------------

    Component/s: Authentication
                     (was: Extensions)

> form auth can create an endless redirect loop
> ---------------------------------------------
>
>                 Key: SLING-1588
>                 URL: https://issues.apache.org/jira/browse/SLING-1588
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Justin Edelson
>            Priority: Critical
>             Fix For: Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and again...
> workaround is to enable the "Include Form" option. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-1588) form auth can create an endless redirect loop

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ian Boston resolved SLING-1588.
-------------------------------

    Resolution: Fixed

I think this is now fixed,
>From the curl sequence the cookie is removed before the redirect and then the form displays no infinite loop.


> form auth can create an endless redirect loop
> ---------------------------------------------
>
>                 Key: SLING-1588
>                 URL: https://issues.apache.org/jira/browse/SLING-1588
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>            Reporter: Justin Edelson
>            Priority: Critical
>             Fix For: Extensions Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and again...
> workaround is to enable the "Include Form" option. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.