This is an automated email from the ASF dual-hosted git repository. kwin pushed a commit to branch feature/default-redirect-to-resource in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-core.git
commit 9aeb3bd98031b35a6be598587bf9e32044e15164 Author: Konrad Windszus <[email protected]> AuthorDate: Mon Dec 8 13:22:48 2025 +0100 SLING-13025 Evaluate "resource" as fallback to "sling.auth.redirect" In most cases the "resource" is anyhow set (to correctly deal with failed authentications to determine the login path) and is used as redirect target for successful authentications as well.
---
 .../java/org/apache/sling/auth/core/AuthUtil.java | 37 ++++++++++++++++++++++
 .../org/apache/sling/auth/core/package-info.java | 4 +--
 .../spi/DefaultAuthenticationFeedbackHandler.java | 10 ++++--
 ...efaultJakartaAuthenticationFeedbackHandler.java | 11 +++++--
 4 files changed, 54 insertions(+), 8 deletions(-)
diff --git a/src/main/java/org/apache/sling/auth/core/AuthUtil.java b/src/main/java/org/apache/sling/auth/core/AuthUtil.java
index b57c11f..de47678 100644
--- a/src/main/java/org/apache/sling/auth/core/AuthUtil.java
+++ b/src/main/java/org/apache/sling/auth/core/AuthUtil.java
@@ -37,6 +37,7 @@ import org.apache.sling.api.auth.Authenticator;
 import org.apache.sling.api.resource.ResourceResolver;
 import org.apache.sling.api.resource.ResourceUtil;
 import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
+import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -201,6 +202,7 @@ public final class AuthUtil {
 * @return The non-empty redirection target or
 * <code>defaultLoginResource</code>.
 * @deprecated Use {@link #getLoginResource(HttpServletRequest, String)}
+ * @see #getMappedLoginResourcePath(javax.servlet.http.HttpServletRequest, String)
 */
 @Deprecated
 public static String getLoginResource(
@@ -208,6 +210,41 @@ public final class AuthUtil {
 return getAttributeOrParameter(request, Authenticator.LOGIN_RESOURCE, defaultLoginResource);
 }
+ /**
+ * Returns the mapped resource path (to redirect to after a successful authentication).
+ * It still needs to be validated by the caller.
+ * Use this method to issue a redirect instead of {@link #getLoginResource(HttpServletRequest, String)} to correctly consider resource resolver mapping.
+ * @return the mapped path of the resource target or {@code null} if non is given in the request
+ * @since 1.7.0 (Bundle Version 2.1.0)
+ */
+ public static @Nullable String getMappedLoginResourcePath(
+ final HttpServletRequest request, String defaultLoginResource) {
+ String resourcePath = getLoginResource(request, defaultLoginResource);
+ if (resourcePath == null) {
+ return null;
+ }
+ return getResourceResolver(request).map(resourcePath);
+ }
+
+ /**
+ * Returns the mapped resource path (to redirect to after a successful authentication).
+ * It still needs to be validated by the caller.
+ * Use this method to issue a redirect instead of {@link #getLoginResource(javax.servlet.http.HttpServletRequest, String)} to correctly consider resource resolver mapping.
+ * @return the mapped path of the resource target or {@code null} if non is given in the request
+ *
+ * @deprecated Use {@link #getMappedLoginResourcePath(HttpServletRequest, String)}
+ * @since 1.7.0 (Bundle Version 2.1.0)
+ */
+ @Deprecated
+ public static @Nullable String getMappedLoginResourcePath(
+ final javax.servlet.http.HttpServletRequest request, String defaultLoginResource) {
+ String resourcePath = getLoginResource(request, defaultLoginResource);
+ if (resourcePath == null) {
+ return null;
+ }
+ return getResourceResolver(request).map(resourcePath);
+ }
+
 /**
 * Ensures and returns the {@link Authenticator#LOGIN_RESOURCE} request
 * attribute is set to a non-null, non-empty string. If the attribute is not
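Review bot: Both new `getMappedLoginResourcePath` overloads in AuthUtil dereference the helper result unchecked in `return getResourceResolver(request).map(resourcePath);`. `getResourceResolver` is defined outside this hunk, so whether it can return null is not visible here; if it can, this throws a NullPointerException on the post-login path, and a guard that returns `null` would be safer. The value being mapped appears to come from request data (the context line at the top of the hunk shows a `getAttributeOrParameter(request, Authenticator.LOGIN_RESOURCE, ...)` lookup), so the sentence "It still needs to be validated by the caller" is the security-relevant contract. I would spell it out, e.g. `* The returned value may originate from a client-supplied request parameter and must be validated before it is used as a redirect target.` The Javadoc also has no `@param` tags, and "if non is given" should read "if none is given".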
diff --git a/src/main/java/org/apache/sling/auth/core/package-info.java b/src/main/java/org/apache/sling/auth/core/package-info.java
index 4102d58..9b8262a 100755
--- a/src/main/java/org/apache/sling/auth/core/package-info.java
+++ b/src/main/java/org/apache/sling/auth/core/package-info.java
@@ -22,7 +22,7 @@
 * of utility functions in the {@link org.apache.sling.auth.core.AuthUtil}
 * class.
 *
- * @version 1.6.0
+ * @version 1.7.0
 */ [email protected]("1.6.0") [email protected]("1.7.0")
 package org.apache.sling.auth.core;
diff --git a/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java b/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
index dae3d9a..ca4c365 100644
--- a/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
+++ b/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
@@ -37,8 +37,9 @@ public class DefaultAuthenticationFeedbackHandler implements AuthenticationFeedb
 * authentication and <code>true</code> if the request has been redirected.
 * <p>
 * This method checks {@link AuthenticationSupport#REDIRECT_PARAMETER}
- * request parameter for the redirect target. This parameter is handled
- * as follows:
+ * request parameter for the redirect target. If that is not set, it falls back
+ * to check for {@link AuthUtil#getMappedLoginResourcePath(HttpServletRequest, String)}.
+ * The parameter is handled as follows:
 * <ul>
 * <li>If the parameter does not exist, the method does not redirect and
 * <code>false</code> is returned.</li>
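Review bot: The first bullet kept as context in the DefaultAuthenticationFeedbackHandler Javadoc hunk still says "If the parameter does not exist, the method does not redirect and false is returned", which no longer holds once the login-resource fallback supplies a target. "The parameter" in the new lead-in is also ambiguous between the redirect parameter and the fallback value. I would reword the lead-in to `* The resulting redirect target is handled as follows:` and the bullet to `* <li>If neither the parameter nor a login resource is set, the method does not redirect and`. The same wording appears in the DefaultJakartaAuthenticationFeedbackHandler Javadoc hunk. The Javadoc block starts and ends outside both hunks.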
@@ -101,7 +102,10 @@ public class DefaultAuthenticationFeedbackHandler implements AuthenticationFeedb
 private static String getValidatedRedirectTarget(final HttpServletRequest request) {
 String redirect = request.getParameter(AuthenticationSupport.REDIRECT_PARAMETER);
 if (redirect == null) {
- return null;
+ redirect = AuthUtil.getMappedLoginResourcePath(request, null);
+ if (redirect == null) {
+ return null;
+ }
 }
 // redirect to the same path
diff --git a/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java b/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java
index e2edb29..f6f2f95 100644
--- a/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java
+++ b/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java
@@ -36,8 +36,10 @@ public class DefaultJakartaAuthenticationFeedbackHandler implements JakartaAuthe
 * authentication and <code>true</code> if the request has been redirected.
 * <p>
 * This method checks {@link AuthenticationSupport#REDIRECT_PARAMETER}
- * request parameter for the redirect target. This parameter is handled
- * as follows:
+ * request parameter for the redirect target. If that is not set, it falls back
+ * to check for {@link AuthUtil#getMappedLoginResourcePath(HttpServletRequest, String)}.
+ *
+ * The parameter is handled as follows:
 * <ul>
 * <li>If the parameter does not exist, the method does not redirect and
 * <code>false</code> is returned.</li>
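Review bot: In `getValidatedRedirectTarget` of DefaultAuthenticationFeedbackHandler the fallback from `AuthUtil.getMappedLoginResourcePath(request, null)` now flows into the same `redirect` variable as the `sling.auth.redirect` parameter, while the validation that gives the method its name lies below `// redirect to the same path`, outside the hunk. The login resource may itself come from a request parameter, so a client can now cause a post-login redirect without sending the redirect parameter. The result of the resolver mapping is only as safe as that later check. I would add a comment at the fallback such as `// fallback value is untrusted and already resolver-mapped; it must pass the same validation below as the redirect parameter`. The diffstat lists no test files, so tests would help that show an off-site or scheme-and-host fallback value is rejected and that a request with neither value still returns `null`. The identical change in the DefaultJakartaAuthenticationFeedbackHandler hunk needs the same treatment.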
@@ -100,7 +102,10 @@ public class DefaultJakartaAuthenticationFeedbackHandler implements JakartaAuthe
 private static String getValidatedRedirectTarget(final HttpServletRequest request) {
 String redirect = request.getParameter(AuthenticationSupport.REDIRECT_PARAMETER);
 if (redirect == null) {
- return null;
+ redirect = AuthUtil.getMappedLoginResourcePath(request, null);
+ if (redirect == null) {
+ return null;
+ }
 }
 // redirect to the same path
