[ https://issues.apache.org/jira/browse/SLING-2392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-2392.
--------------------------------------

    Resolution: Fixed

Can be resolved

> AuthUtil.isRedirectValid and AuthUtil.sendRedirect are asymmetric causing sendRedirect to fail for non-root contexts
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-2392
>                 URL: https://issues.apache.org/jira/browse/SLING-2392
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Auth Core 1.1.0
>
>
> The AuthUtil.isRedirectValid is built to validate the target path such that
> the request's context path is expected to be part of the target path. The
> AuthUtil.sendRedirect method on the other hand is built to not expect the
> servlet context path.
>
> This causes redirect failures if the Sling application is deployed in a
> non-root servlet context: If a path is supplied without a servlet context
> path, the validation check fails and the redirect goes to the duplicated
> context path. If a path is supplied with a servlet context path, validation
> succeeds, but the redirect goes to a path prefixed with a duplicate context
> path, too.
>
> In essence, the isRedirectValid and sendRedirect should be symmetric in that
> they both require the target path to be prefixed with the servlet context
> path.
>
> The old AbstractAuthenticationHandler.sendRedirect method cannot be thus
> changed and so remains accepting the target path without the servlet context
> path. But before calling the new AuthUtil.sendRedirect method, the servlet
> context path is prefixed to the target path to comply with the new spec of
> the AuthUtil.sendRedirect method.

--
This message is automatically generated by JIRA.
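The asymmetry described in the issue, as a simplified string-level model added here for illustration; it is not Sling's AuthUtil source. The method names mirror the ticket, but the method bodies, the `/sling` context path and the sample target paths are assumptions.

```java
// Added illustration: a string-level model of the behaviour the ticket describes.
// Not Sling code; the bodies, "/sling" and the sample paths are constructed.
public class RedirectSymmetryDemo {

    // Validation per the ticket: the target must carry the servlet context path.
    static boolean isRedirectValid(String ctx, String target) {
        if (target == null) return false;
        if (ctx.isEmpty()) return target.startsWith("/");        // root context
        return target.equals(ctx) || target.startsWith(ctx + "/");
    }

    // Pre-fix redirect per the ticket: does NOT expect the context path, so adds it.
    static String oldLocation(String ctx, String target) {
        return ctx + target;
    }

    // Post-fix redirect: same contract as validation, target is used unchanged.
    static String newLocation(String ctx, String target) {
        if (!isRedirectValid(ctx, target)) {
            throw new IllegalArgumentException("target lacks context path: " + target);
        }
        return target;
    }

    // Legacy entry point keeps its old contract (no context path in the target)
    // and prefixes the context path before delegating to the new method.
    static String legacyLocation(String ctx, String target) {
        return newLocation(ctx, ctx + target);
    }

    public static void main(String[] args) {
        String ctx = "/sling";                         // non-root servlet context
        String bare = "/content/home.html";            // target without context path
        String full = ctx + bare;                      // target with context path

        // Pre-fix: no input satisfies both methods at once.
        System.out.println("old, bare: valid=" + isRedirectValid(ctx, bare)
                + " location=" + oldLocation(ctx, bare));
        System.out.println("old, full: valid=" + isRedirectValid(ctx, full)
                + " location=" + oldLocation(ctx, full)); // duplicated prefix

        // Post-fix: validation and redirect agree on the prefixed form.
        System.out.println("new, full: location=" + newLocation(ctx, full));
        System.out.println("legacy, bare: location=" + legacyLocation(ctx, bare));

        // Root context: prefixing is a no-op, which is why only non-root deployments break.
        System.out.println("root, bare: valid=" + isRedirectValid("", bare)
                + " location=" + oldLocation("", bare));
    }
}
```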