[ https://issues.apache.org/jira/browse/SLING-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler closed SLING-1940. ----------------------------------- > selector form submits to the wrong path when used in a non-root servlet > context > ------------------------------------------------------------------------------- > > Key: SLING-1940 > URL: https://issues.apache.org/jira/browse/SLING-1940 > Project: Sling > Issue Type: Bug > Components: Authentication > Reporter: Justin Edelson > Assignee: Justin Edelson > Fix For: Auth Core 1.0.6 > > > If you run Sling on a non-root servlet context go to the login page (e.g. > http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/login.html), > the login servlet redirects to a login form with a query parameter called > resource set to the servlet context path (e.g. > http://localhost:8080/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/system/sling/selector/login?resource=%2Forg.apache.sling.launchpad.testing-war-6-SNAPSHOT) > When the form is created, the HTML form submission path (i.e. the form > action) contains the servlet context path *twice*, e.g. > action="/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/org.apache.sling.launchpad.testing-war-6-SNAPSHOT/j_security_check" > The reason for this is that > org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet.getContextPath() > concatenates the servlet context path and the resource query param: > StringBuilder b = new StringBuilder(); > b.append(request.getContextPath()); > String resource = getResource(request); > int query = resource.indexOf('?'); > if (query > 0) { > b.append(resource.substring(0, query)); > } else { > b.append(resource); > } > Obviously, we should only add the servlet context path once, either in the > resource query param OR AbstractAuthenticationFormServlet.getContextPath(). > My inclination is to do the former, i.e. the default value of the resource > query param is "/", not the servlet context path. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.