[ https://issues.apache.org/jira/browse/SLING-13025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Konrad Windszus updated SLING-13025:
------------------------------------
    Affects Version/s: Auth Core 2.0.2

> Default(Jakarta)AuthenticationFeedbackHandler should evaluate resource 
> parameter as fallback for the redirect
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-13025
>                 URL: https://issues.apache.org/jira/browse/SLING-13025
>             Project: Sling
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: Auth Core 2.0.2
>            Reporter: Konrad Windszus
>            Priority: Major
>
> As outlined in 
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html#phase-1-form-submission
> {quote}
> The resource and sling.auth.redirect parameters provide similar functionality 
> but with differing historical backgrounds. The resource parameter is based on 
> the resource request attribute which is set by the login servlet to indicate 
> the original target resource the client desired when it was forced to 
> authenticate. The sling.auth.redirect parameter can be used by clients 
> (applications like cURL or plain HTML forms) to request being redirected 
> after successful login. If both parameters are set, the sling.auth.redirect 
> parameter takes precedence.
> {quote}
> However, the 
> [DefaultJakartaAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java#L32C14-L32C57]
>  and 
> https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java#L33
>  only evaluate `sling.auth.redirect`.
> In order to reduce the number of parameters necessary it would be good to 
> issue a redirect considering {{resource}} in case {{sling.auth.redirect}} is 
> not set (as in most cases it is the desired behaviour to redirect to the 
> resource which originally triggered the login).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
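
The precedence described in the issue (`sling.auth.redirect` first, `resource` as fallback), as an added example that is not code from Sling Auth Core or from the reporter. The class and method names, treating an empty `sling.auth.redirect` as not set, and the local-path-only validation policy are assumptions; the point is that `resource` is as client-controlled as `sling.auth.redirect`, so the fallback value goes through the same redirect check.

```java
import java.util.Map;
import java.util.Optional;

// Added example: hypothetical stand-alone class, not part of Sling Auth Core.
public class RedirectFallbackExample {

    static final String REDIRECT_PARAM = "sling.auth.redirect";
    static final String RESOURCE_PARAM = "resource";

    /** sling.auth.redirect takes precedence; resource is used only when it is absent or empty. */
    static Optional<String> resolveTarget(Map<String, String> params) {
        String target = params.get(REDIRECT_PARAM);
        if (target == null || target.isEmpty()) { // assumption: empty counts as "not set"
            target = params.get(RESOURCE_PARAM);
        }
        // Both parameters come from the client, so the fallback is validated like the primary.
        // Assumption: an invalid explicit redirect is rejected rather than replaced by resource.
        return isLocalPath(target) ? Optional.of(target) : Optional.empty();
    }

    /** Assumed policy: accept only absolute paths on the same host. */
    static boolean isLocalPath(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")) {
            return false; // relative, absolute-URL and protocol-relative targets are refused
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false; // backslashes and control characters (CR/LF) are refused
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample parameter sets
        System.out.println(resolveTarget(Map.of(RESOURCE_PARAM, "/content/page.html")));
        System.out.println(resolveTarget(Map.of(RESOURCE_PARAM, "/a", REDIRECT_PARAM, "/b")));
        System.out.println(resolveTarget(Map.of(REDIRECT_PARAM, "", RESOURCE_PARAM, "/content/page.html")));
        System.out.println(resolveTarget(Map.of(RESOURCE_PARAM, "//other.example/x")));
    }
}
```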
