Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2011/01/20 15:33:46 UTC

[jira] Commented: (SLING-1940) selector form submits to the wrong path when used in a non-root servlet context

    [ https://issues.apache.org/jira/browse/SLING-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984209#action_12984209 ] 

Carsten Ziegeler commented on SLING-1940:
-----------------------------------------

I think the resource path should already contain the context path and then be used as is. This would allow redirecting to any path - not even within the same webapp.

> selector form submits to the wrong path when used in a non-root servlet context
> -------------------------------------------------------------------------------
>
>                 Key: SLING-1940
>                 URL: https://issues.apache.org/jira/browse/SLING-1940
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>
> If you run Sling on a non-root servlet context and go to the login page (e.g. http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/login.html), the login servlet redirects to a login form with a query parameter called resource set to the servlet context path (e.g. http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/selector/login?resource=%2Forg.apache.sling.launchpad.testing-war-6-SNAPSHOT).
> When the form is created, the HTML form submission path (i.e. the form action) contains the servlet context path *twice*, e.g.
> action="/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/j_security_check"
> The reason for this is that org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet.getContextPath() concatenates the servlet context path and the resource query param:
>         StringBuilder b = new StringBuilder();
>         b.append(request.getContextPath());
>         String resource = getResource(request);
>         int query = resource.indexOf('?');
>         if (query > 0) {
>             b.append(resource.substring(0, query));
>         } else {
>             b.append(resource);
>         }
> Obviously, we should only add the servlet context path once, either in the resource query param OR AbstractAuthenticationFormServlet.getContextPath().
> My inclination is to do the former, i.e. the default value of the resource query param is "/", not the servlet context path.

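The duplication described in the issue, next to the context-relative convention the reporter prefers, as an added Java example that is not part of the original message and is not Sling's code. The class, both method names, the local-path check and the trailing-slash handling are assumptions of this example.

```java
// Added example; class and method names are hypothetical, not Sling API.
public class FormActionPrefix {

    // Same concatenation as the snippet quoted in the issue.
    static String concatenated(String contextPath, String resource) {
        int query = resource.indexOf('?');
        String path = query > 0 ? resource.substring(0, query) : resource;
        return contextPath + path;
    }

    // Convention proposed in the issue: resource is context-relative and
    // defaults to "/"; the context path is added exactly once, here.
    static String contextRelative(String contextPath, String resource) {
        String path = (resource == null || resource.isEmpty()) ? "/" : resource;
        int query = path.indexOf('?');
        if (query >= 0) {
            path = path.substring(0, query);
        }
        // Assumption of this example: only a local absolute path is accepted,
        // so "//host/...", "http://..." and backslash variants fall back to "/".
        if (!path.startsWith("/") || path.startsWith("//")
                || path.contains("\\") || path.contains("://")) {
            path = "/";
        }
        // Drop trailing slashes so appending "/j_security_check" gives one slash.
        while (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        return contextPath + path;
    }

    public static void main(String[] args) {
        String ctx = "/org.apache.sling.launchpad.testing-war-6-SNAPSHOT";
        // Values from the issue: resource was set to the servlet context path.
        System.out.println(concatenated(ctx, ctx) + "/j_security_check");
        // Context-relative default "/" yields a single context path.
        System.out.println(contextRelative(ctx, "/") + "/j_security_check");
        // Constructed inputs: a content path with a query, and a non-local value.
        System.out.println(contextRelative(ctx, "/content/page.html?x=1") + "/j_security_check");
        System.out.println(contextRelative(ctx, "//other.example/login") + "/j_security_check");
    }
}
```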