[
https://issues.apache.org/jira/browse/SLING-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved SLING-1855.
--------------------------------------
Resolution: Fixed
Fixed in Rev. 1029799: Correctly set the form action path deduced not only from
the request context path but also the actual resource the user wants to access
to make sure the form response hits the correct authentication handler
> Form action for form of OpenID authenticationhandler is "j_security_check".
> Posting form hits "POST" servlet instead of authenticationHandler
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-1855
> URL: https://issues.apache.org/jira/browse/SLING-1855
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Extensions OpenID Authentication 0.9.0
> Environment: all
> Reporter: Jos Snellings
> Fix For: Extensions OpenID Authentication 0.9.0
>
>
> Problem, just observed:
> - activated OpenID authentication handler on content tree "noanonymous"
> => when accessing a resource, sling correctly displays the OpenID
> login form
> however, the login form contains a form action:
> <form id="loginform" method="POST" action="/j_security_check"
> enctype="multipart/form-data" accept-charset="UTF-8">
> When posting this form back, sling says:
> Error while processing /j_security_check
> Status 500
> Message javax.jcr.AccessDeniedException:
> /j_security_check/openid_identifier.
> ------------------------------------------------------
> Preliminary diagnosis by F. Meschberger:
> => bug in the login form generation. It should probably
> really include the path of the authentication handler registration
> which triggered the login form being rendered.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
