You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/07/05 20:12:50 UTC
[jira] Created: (SLING-1588) form auth can create an endless
redirect loop
form auth can create an endless redirect loop
---------------------------------------------
Key: SLING-1588
URL: https://issues.apache.org/jira/browse/SLING-1588
Project: Sling
Issue Type: Bug
Components: Extensions
Reporter: Justin Edelson
Priority: Critical
Fix For: Extensions Form Based Authentication 1.0.0
Steps to reproduce (I'm sure there's more than one way to reproduce this):
* Take trunk launchpad and add formauth bundle
* Set service.ranking of FormAuthenticationHandler to > 0
Then...
curl -v -b sling.formauth=garbage http://localhost:8888/index.html
redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
so try this url:
curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
which redirects to:
http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
requesting that url with a garbage cookie redirects again and again and again...
workaround is to enable the "Include Form" option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (SLING-1588) form auth can create an endless
redirect loop
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger closed SLING-1588.
------------------------------------
Close after release
> form auth can create an endless redirect loop
> ---------------------------------------------
>
> Key: SLING-1588
> URL: https://issues.apache.org/jira/browse/SLING-1588
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Justin Edelson
> Priority: Critical
> Fix For: Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and again...
> workaround is to enable the "Include Form" option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SLING-1588) form auth can create an endless
redirect loop
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger updated SLING-1588:
-------------------------------------
Component/s: Authentication
(was: Extensions)
> form auth can create an endless redirect loop
> ---------------------------------------------
>
> Key: SLING-1588
> URL: https://issues.apache.org/jira/browse/SLING-1588
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Justin Edelson
> Priority: Critical
> Fix For: Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and again...
> workaround is to enable the "Include Form" option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SLING-1588) form auth can create an endless
redirect loop
Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ian Boston resolved SLING-1588.
-------------------------------
Resolution: Fixed
I think this is now fixed,
>From the curl sequence the cookie is removed before the redirect and then the form displays no infinite loop.
> form auth can create an endless redirect loop
> ---------------------------------------------
>
> Key: SLING-1588
> URL: https://issues.apache.org/jira/browse/SLING-1588
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Reporter: Justin Edelson
> Priority: Critical
> Fix For: Extensions Form Based Authentication 1.0.0
>
>
> Steps to reproduce (I'm sure there's more than one way to reproduce this):
> * Take trunk launchpad and add formauth bundle
> * Set service.ranking of FormAuthenticationHandler to > 0
> Then...
> curl -v -b sling.formauth=garbage http://localhost:8888/index.html
> redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT
> so try this url:
> curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT
> which redirects to:
> http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT
> requesting that url with a garbage cookie redirects again and again and again...
> workaround is to enable the "Include Form" option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.