[ https://issues.apache.org/jira/browse/SLING-13025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Konrad Windszus resolved SLING-13025.
-------------------------------------
    Fix Version/s: Auth Core 2.0.4
       Resolution: Fixed

Fixed in 
https://github.com/apache/sling-org-apache-sling-auth-core/commit/530a1bcf0e0a29cf1e08f0d9dd0debde5d605d1b.

> Default(Jakarta)AuthenticationFeedbackHandler should evaluate "resource" 
> parameter as fallback for "sling.auth.redirect"
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-13025
>                 URL: https://issues.apache.org/jira/browse/SLING-13025
>             Project: Sling
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: Auth Core 2.0.2
>            Reporter: Konrad Windszus
>            Assignee: Konrad Windszus
>            Priority: Major
>             Fix For: Auth Core 2.0.4
>
>
> As outlined in 
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html#phase-1-form-submission
> {quote}
> The resource and sling.auth.redirect parameters provide similar functionality 
> but with differing historical backgrounds. The resource parameter is based on 
> the resource request attribute which is set by the login servlet to indicate 
> the original target resource the client desired when it was forced to 
> authenticate. The sling.auth.redirect parameter can be used by clients 
> (applications like cURL or plain HTML forms) to request being redirected 
> after successful login. If both parameters are set, the sling.auth.redirect 
> parameter takes precedence.
> {quote}
> However, the 
> [DefaultJakartaAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java#L32C14-L32C57]
>  and 
> [DefaultAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java#L33]
>  only evaluate {{sling.auth.redirect}}.
> In order to reduce the amount of parameters necessary it would be good to 
> issue a redirect considering {{resource}} in case {{sling.auth.redirect}} is 
> not set (as in most cases it is the desired behaviour to redirect to the 
> resource which originally triggered the login).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
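
The parameter precedence described in the issue, as an added example that is not part of the original message and not the Sling project's code. `RedirectTargetResolver` and `isLocalPath` are hypothetical names, request parameters are modelled as a plain map, and the same-host path check is an assumption of this example (the issue does not describe validation).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Optional;

// Hypothetical class, not part of Sling Auth Core.
public class RedirectTargetResolver {
    // Parameter names as given in the issue text.
    static final String REDIRECT_PARAM = "sling.auth.redirect";
    static final String RESOURCE_PARAM = "resource";

    /** Post-login redirect target, or empty if no parameter yields a usable one. */
    static Optional<String> resolve(Map<String, String> params) {
        // sling.auth.redirect takes precedence; resource is only the fallback.
        for (String name : new String[] {REDIRECT_PARAM, RESOURCE_PARAM}) {
            String value = params.get(name);
            if (value == null || value.isBlank()) {
                continue; // not set: try the next parameter
            }
            // Assumption: a value that is set but fails the check ends the lookup,
            // it does not fall through to the lower-precedence parameter.
            return isLocalPath(value) ? Optional.of(value) : Optional.empty();
        }
        return Optional.empty();
    }

    /** Assumed policy: only absolute paths on the current host are redirect targets. */
    static boolean isLocalPath(String target) {
        // "//host/..." is scheme-relative and would leave the site.
        if (!target.startsWith("/") || target.startsWith("//")) {
            return false;
        }
        try {
            // URI rejects backslashes, spaces and control characters (CR/LF).
            URI uri = new URI(target);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }
    public static void main(String[] args) {
        // Constructed sample parameter sets.
        System.out.println(resolve(Map.of(RESOURCE_PARAM, "/content/start.html")));
        System.out.println(resolve(Map.of(REDIRECT_PARAM, "/apps/home.html",
                RESOURCE_PARAM, "/content/start.html")));
        System.out.println(resolve(Map.of(REDIRECT_PARAM, "//other.example/x",
                RESOURCE_PARAM, "/content/start.html")));
    }
}
```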
