You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2011/01/20 15:33:46 UTC
[jira] Commented: (SLING-1940) selector form submits to the wrong
path when used in a non-root servlet context
[ https://issues.apache.org/jira/browse/SLING-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984209#action_12984209 ]
Carsten Ziegeler commented on SLING-1940:
-----------------------------------------
I think the resource path should already contain the context path and then used as is. This would allow to redirect to any path - not even within the same webapp.
> selector form submits to the wrong path when used in a non-root servlet context
> -------------------------------------------------------------------------------
>
> Key: SLING-1940
> URL: https://issues.apache.org/jira/browse/SLING-1940
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Justin Edelson
> Assignee: Justin Edelson
>
> If you run Sling on a non-root servlet context go to the login page (e.g. http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/login.html), the login servlet redirects to a login form with a query parameter called resource set to the servlet context path (e.g. http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/selector/login?resource=%2Forg.apache.sling.launchpad.testing-war-6-SNAPSHOT)
> When the form is created, the HTML form submission path (i.e. the form action) contains the servlet context path *twice*, e.g.
> action="/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/j_security_check"
> The reason for this is that org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet.getContextPath() concatenates the servlet context path and the resource query param:
> StringBuilder b = new StringBuilder();
> b.append(request.getContextPath());
> String resource = getResource(request);
> int query = resource.indexOf('?');
> if (query > 0) {
> b.append(resource.substring(0, query));
> } else {
> b.append(resource);
> }
> Obviously, we should only add the servlet context path once, either in the resource query param OR AbstractAuthenticationFormServlet.getContextPath().
> My inclination is to do the former, i.e. the default value of the resource query param is "/", not the servlet context path.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.