Alex Edwards created SHIRO-406:
----------------------------------
Summary: Redirected to the wrong url after successful login
Key: SHIRO-406
URL: https://issues.apache.org/jira/browse/SHIRO-406
Project: Shiro
Issue Type: Bug
Affects Versions: 1.2.1
Environment: jboss 7, hibernate 4, jsf2, primfaces
Reporter: Alex Edwards
Priority: Minor
Navigate to a secure page that requires the user to be logged in, the user is
redirected to the login page, after successful login the user is redirected to
a primfaces js page.
Cause
This occurs when the login page is contained within a secured url, if the login
page contains any external links e.g. js,css one of these will end up being the
saved request.
I think this is the wrong behaviour, if the login page is treated as a special
case (as it seems to be) then the request that caused it to be invoked should
remain as the saved request, subsequent requests for secure content by the
login page should not be saved or provided.
As this is essentially user mis-configuration it could be prevented by not
having the login page as a special case, if it is located at a secure url
nothing will happen.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
