[
https://issues.apache.org/jira/browse/SLING-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler closed SLING-1940.
-----------------------------------
> selector form submits to the wrong path when used in a non-root servlet
> context
> -------------------------------------------------------------------------------
>
> Key: SLING-1940
> URL: https://issues.apache.org/jira/browse/SLING-1940
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Auth Core 1.0.6
>
>
> If you run Sling on a non-root servlet context and go to the login page (e.g.
> http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/login.html),
> the login servlet redirects to a login form with a query parameter called
> resource set to the servlet context path (e.g.
> http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/selector/login?resource=%2Forg.apache.sling.launchpad.testing-war-6-SNAPSHOT).
> When the form is created, the HTML form submission path (i.e. the form
> action) contains the servlet context path *twice*, e.g.
> action="/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/j_security_check"
> The reason for this is that
> org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet.getContextPath()
> concatenates the servlet context path and the resource query param:
>     StringBuilder b = new StringBuilder();
>     b.append(request.getContextPath());
>     String resource = getResource(request);
>     int query = resource.indexOf('?');
>     if (query > 0) {
>         b.append(resource.substring(0, query));
>     } else {
>         b.append(resource);
>     }
> Obviously, we should only add the servlet context path once, either in the
> resource query param OR AbstractAuthenticationFormServlet.getContextPath().
> My inclination is to do the former, i.e. the default value of the resource
> query param is "/", not the servlet context path.
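
A stand-alone reproduction of the path arithmetic described in the report, added here as an example; it is not Sling's code and not the fix that shipped. The class name, `formAction` and `repeatsContextPath` are hypothetical, and joining the prefix to `j_security_check` with a single slash is an assumption. It also shows why the defect is invisible on a root context, where the context path is the empty string.

```java
public class FormActionPathDemo {

    // Path prefix built the way the snippet quoted in the report builds it:
    // servlet context path followed by the resource with any query string cut off.
    static String prefixAsReported(String contextPath, String resource) {
        StringBuilder b = new StringBuilder(contextPath);
        int query = resource.indexOf('?');
        b.append(query > 0 ? resource.substring(0, query) : resource);
        return b.toString();
    }

    // Hypothetical helper (assumption): join prefix and login suffix with exactly one slash.
    static String formAction(String prefix) {
        return (prefix.endsWith("/") ? prefix : prefix + "/") + "j_security_check";
    }

    // Regression check: true when the context path occurs twice at the start of the action.
    static boolean repeatsContextPath(String action, String contextPath) {
        return !contextPath.isEmpty() && action.startsWith(contextPath + contextPath + "/");
    }

    public static void main(String[] args) {
        // Constructed inputs: "" is what getContextPath() returns for the root context.
        String[] contextPaths = { "", "/org.apache.sling.launchpad.testing-war-6-SNAPSHOT" };
        for (String ctx : contextPaths) {
            // Default described in the report: resource = servlet context path.
            String reported = formAction(prefixAsReported(ctx, ctx));
            // Default the reporter leans towards: resource = "/".
            String relative = formAction(prefixAsReported(ctx, "/"));
            System.out.println("context path  : '" + ctx + "'");
            System.out.println("  resource=ctx: " + reported
                    + "  repeated=" + repeatsContextPath(reported, ctx));
            System.out.println("  resource=/  : " + relative
                    + "  repeated=" + repeatsContextPath(relative, ctx));
        }
    }
}
```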