selector form submits to the wrong path when used in a non-root servlet context -------------------------------------------------------------------------------
Key: SLING-1940 URL: https://issues.apache.org/jira/browse/SLING-1940 Project: Sling Issue Type: Bug Components: Authentication Reporter: Justin Edelson Assignee: Justin Edelson If you run Sling on a non-root servlet context go to the login page (e.g. http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/login.html), the login servlet redirects to a login form with a query parameter called resource set to the servlet context path (e.g. http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/selector/login?resource=%2Forg.apache.sling.launchpad.testing-war-6-SNAPSHOT) When the form is created, the HTML form submission path (i.e. the form action) contains the servlet context path *twice*, e.g. action="/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/j_security_check" The reason for this is that org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet.getContextPath() concatenates the servlet context path and the resource query param: StringBuilder b = new StringBuilder(); b.append(request.getContextPath()); String resource = getResource(request); int query = resource.indexOf('?'); if (query > 0) { b.append(resource.substring(0, query)); } else { b.append(resource); } Obviously, we should only add the servlet context path once, either in the resource query param OR AbstractAuthenticationFormServlet.getContextPath(). My inclination is to do the former, i.e. the default value of the resource query param is "/", not the servlet context path. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.