Apply some validation to requested redirects after authentication
-----------------------------------------------------------------
Key: SLING-2126
URL: https://issues.apache.org/jira/browse/SLING-2126
Project: Sling
Issue Type: Improvement
Components: Authentication
Affects Versions: Auth Core 1.0.6
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Auth Core 1.0.8
Currently the DefaultAuthenticationFeedbackHandler.handleRedirect and
AbstractAuthenticationHandler.sendRedirect methods do not apply any validity
checks on the requested redirect target.
We should apply some checks to ensure a valid target is accessible within the
Sling application. If the target is not valid, the methods would redirect to
the servlet context root path -- obeying the contract for redirecting the
client but not necessarily to the desired target. In any case an ERROR level
message is written to the log indicating why the redirect target is not being
honoured.
This check should be made available to AuthenticationHandler implementations
such that they may apply checks to their own redirects.
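
One possible set of checks for the validation described above, as an added example that is not Sling's own code or the fix made for this issue. The class and method names are hypothetical, and the rules themselves (local absolute path only, no scheme or authority, target must stay under the servlet context path) are assumptions, since the issue does not list them.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not Sling code: class and method names are hypothetical.
public class RedirectTargetCheck {
    private static final System.Logger LOG = System.getLogger("RedirectTargetCheck");

    /** Returns null if the target is acceptable, otherwise the reason for rejecting it. */
    static String rejectReason(String contextPath, String target) {
        if (target == null || target.isEmpty()) return "empty target";
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Control characters allow header splitting; browsers treat '\' like '/'.
            if (c < 0x20 || c == 0x7f || c == '\\') return "illegal character";
        }
        // "//host/path" is protocol-relative and would leave the application.
        if (!target.startsWith("/") || target.startsWith("//")) return "not a local absolute path";
        URI uri;
        try {
            uri = new URI(target).normalize();
        } catch (URISyntaxException e) {
            return "malformed URI";
        }
        if (uri.getScheme() != null || uri.getRawAuthority() != null) return "scheme or authority present";
        String path = uri.getRawPath();
        // ".." segments that survive normalize() would climb above the root.
        if (path == null || path.contains("/../") || path.endsWith("/..")) return "path traversal";
        String root = contextPath.isEmpty() ? "/" : contextPath + "/";
        if (!path.equals(contextPath) && !path.startsWith(root)) return "outside context path";
        return null;
    }

    /** Returns the target if valid; otherwise logs at ERROR and returns the context root. */
    static String safeTarget(String contextPath, String target) {
        String reason = rejectReason(contextPath, target);
        if (reason == null) return target;
        // Strip control characters before logging so the target cannot forge log lines.
        String shown = String.valueOf(target).replaceAll("\\p{Cntrl}", "?");
        LOG.log(System.Logger.Level.ERROR, "Redirect target ''{0}'' not honoured: {1}", shown, reason);
        return contextPath.isEmpty() ? "/" : contextPath;
    }

    public static void main(String[] args) {
        String ctx = "/app"; // constructed sample context path and targets
        String[] samples = { "/app/content/home.html?x=1", "https://example.org/", "//example.org/a",
                             "/app/../admin", "/other/page", "/app\\@example.org", "/app" };
        for (String s : samples) System.out.println(s + " -> " + safeTarget(ctx, s));
    }
}
```

Exposing a method like safeTarget as a static helper is one way custom AuthenticationHandler implementations could apply the same check to their own redirects.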