[
https://issues.apache.org/jira/browse/SHIRO-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633754#comment-13633754
]
Les Hazlewood commented on SHIRO-406:
-------------------------------------
Hi Alex,
Do you have a very simple test that we can use to replicate this? I do not use
JSF, so in order for me to fix this (which I'm happy to do), I'll need
something that can demonstrate the problem that I can use to verify a fix.
> Redirected to the wrong url after successful login
> --------------------------------------------------
>
> Key: SHIRO-406
> URL: https://issues.apache.org/jira/browse/SHIRO-406
> Project: Shiro
> Issue Type: Bug
> Affects Versions: 1.2.1
> Environment: jboss 7, hibernate 4, jsf2, primfaces
> Reporter: Alex Edwards
> Priority: Minor
>
> Navigate to a secure page that requires the user to be logged in, the user is
> redirected to the login page, after successful login the user is redirected
> to a primfaces js page.
> Cause
> This occurs when the login page is contained within a secured url, if the
> login page contains any external links e.g. js,css one of these will end up
> being the saved request.
> I think this is the wrong behaviour, if the login page is treated as a
> special case (as it seems to be) then the request that caused it to be
> invoked should remain as the saved request, subsequent requests for secure
> content by the login page should not be saved or provided.
> As this is essentially user mis-configuration it could be prevented by not
> having the login page as a special case, if it is located at a secure url
> nothing will happen.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
