[ https://issues.apache.org/jira/browse/SLING-2392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-2392.
--------------------------------------

    Resolution: Fixed

Can be resolved
                
> AuthUtil.isRedirectValid and AuthUtil.sendRedirect are asymmetric causing 
> sendRedirect to fail for non-root contexts
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-2392
>                 URL: https://issues.apache.org/jira/browse/SLING-2392
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Auth Core 1.1.0
>
>
> The AuthUtil.isRedirectValid is built to validate the target path such that 
> the request's context path is expected to be part of the target path. The 
> AuthUtil.sendRedirect method on the other hand is built to not expect the 
> servlet context path.
> This causes redirect failures if the Sling application is deployed in a 
> non-root servlet context: If a path is supplied without a servlet context 
> path, validation check fails and the redirect goes to the duplicated context 
> path. If a path is supplied with a servlet context path, validation succeeds, 
> but redirect goes to a path prefixed with duplicate context path, too.
> In essence, the isRedirectValid and sendRedirect should be symmetric in that 
> they both require the target path to be prefixed with the servlet context 
> path.
> The old AbstractAuthenticationHandler.sendRedirect method cannot be thus 
> changed and so remains accepting the target path without the servlet context 
> path. But before calling the new AuthUtil.sendRedirect method, the servlet 
> context path is prefixed to the target path to comply with the new spec of 
> the AuthUtil.sendRedirect method.
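
Added example (not part of the original message and not Sling's code): a simplified Java model of the asymmetry between validation and redirect described in the issue, before and after the fix. The method names mirror the issue for readability; the method bodies, the fallback target and the `/sling` context path are assumptions.

```java
// Added illustration: a simplified model of the behaviour described in SLING-2392.
// Not Sling's source; the method bodies and the fallback target are assumptions.
public class RedirectSymmetryDemo {

    // Model of the validation rule: a server-local path that carries the context path.
    static boolean isRedirectValid(String ctx, String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")
                || target.contains("://")) {
            return false; // not a plain server-local path
        }
        return ctx.isEmpty() || target.equals(ctx) || target.startsWith(ctx + "/");
    }

    // Before the fix: validation expects the context path, but the redirect
    // step prepends it again (falling back to ctx on failure is an assumption).
    static String sendRedirectBefore(String ctx, String target) {
        String checked = isRedirectValid(ctx, target) ? target : ctx;
        return ctx + checked;
    }

    // After the fix: both steps expect the context path, nothing is prepended.
    static String sendRedirectAfter(String ctx, String target) {
        if (isRedirectValid(ctx, target)) {
            return target;
        }
        return ctx.isEmpty() ? "/" : ctx; // assumed fallback to the context root
    }

    // Legacy entry point keeps accepting paths without the context path and
    // adds the prefix before delegating, as the issue describes.
    static String legacySendRedirect(String ctx, String target) {
        return sendRedirectAfter(ctx, ctx + target);
    }

    public static void main(String[] args) {
        String ctx = "/sling"; // constructed non-root servlet context
        String[] targets = { "/content/home.html", "/sling/content/home.html" };
        for (String t : targets) {
            System.out.printf("%-26s before=%-32s after=%s%n",
                    t, sendRedirectBefore(ctx, t), sendRedirectAfter(ctx, t));
        }
        System.out.println("legacy: " + legacySendRedirect(ctx, "/content/home.html"));
    }
}
```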
