[jira] Created: (SLING-1588) form auth can create an endless redirect loop

Justin Edelson (JIRA) Mon, 05 Jul 2010 11:20:49 -0700

form auth can create an endless redirect loop
---------------------------------------------


                 Key: SLING-1588
                 URL: https://issues.apache.org/jira/browse/SLING-1588
             Project: Sling
          Issue Type: Bug
          Components: Extensions
            Reporter: Justin Edelson
            Priority: Critical
             Fix For: Extensions Form Based Authentication 1.0.0


Steps to reproduce (I'm sure there's more than one way to reproduce this):

* Take trunk launchpad and add formauth bundle
* Set service.ranking of FormAuthenticationHandler to > 0

Then...
curl -v -b sling.formauth=garbage http://localhost:8888/index.html

redirects to 
http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT

so try this url:

curl -v -b sling.formauth=garbage 
http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT

which redirects to:

http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT

requesting that url with a garbage cookie redirects again and again and again...

workaround is to enable the "Include Form" option. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (SLING-1588) form auth can create an endless redirect loop

Reply via email to