[jira] Commented: (SLING-1855) Form action for form of OpenID authenticationhandler is "j_security_check". Posting form hits "POST" servlet instead of authenticationHandler

Mon, 01 Nov 2010 07:07:53 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12926987#action_12926987
 ] 

Felix Meschberger commented on SLING-1855:
------------------------------------------

The problem lies in the form servlet which prepares the form but does not 
include the path to the authentication handler triggering the form request. 
Yet, this information is not readily available from the request itself and must 
probably be provided as part of the redirect ...

Alternatively an option would be to just use the resource path instead of just 
the context path.

> Form action for form of OpenID authenticationhandler is "j_security_check". 
> Posting form hits "POST" servlet instead of authenticationHandler
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-1855
>                 URL: https://issues.apache.org/jira/browse/SLING-1855
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Extensions OpenID Authentication 0.9.0
>         Environment: all
>            Reporter: Jos Snellings
>             Fix For: Extensions OpenID Authentication 0.9.0
>
>
> Problem, just observed:
> - activated OpenID authentication handler on content tree "noanonymous"
>        => when accessing a resource, sling correctly displays the OpenID 
> login form
>        however, the login form contains a form action:
> <form id="loginform" method="POST" action="/j_security_check"
>         enctype="multipart/form-data" accept-charset="UTF-8">
> When posting this form back, sling says:
>  Error while processing /j_security_check
> Status    500
> Message    javax.jcr.AccessDeniedException: 
> /j_security_check/openid_identifier.
> ------------------------------------------------------
> Preliminary diagnosis by F. Meschberger:
> => bug in the login form generation. It should probably
> really include the path of the authentication handler registration
> which triggered the login form being rendered.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to