[
https://issues.apache.org/jira/browse/SLING-13025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated SLING-13025:
------------------------------------
Description:
As outlined in
https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html#phase-1-form-submission
{quote}
The resource and sling.auth.redirect parameters provide similar functionality
but with differing historical backgrounds. The resource parameter is based on
the resource request attribute which is set by the login servlet to indicate
the original target resource the client desired when it was forced to
authenticate. The sling.auth.redirect parameter can be used by clients
(applications like cURL or plain HTML forms) to request being redirected after
successful login. If both parameters are set, the sling.auth.redirect parameter
takes precedence.
{quote}
However, the
[DefaultJakartaAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java#L32C14-L32C57]
and
[DefaultAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java#L33]
only evaluate {{sling.auth.redirect}}.
In order to reduce the number of parameters necessary, it would be good to issue
a redirect considering {{resource}} in case {{sling.auth.redirect}} is not set
(as in most cases it is the desired behaviour to redirect to the resource which
originally triggered the login).
was:
As outlined in
https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html#phase-1-form-submission
{quote}
The resource and sling.auth.redirect parameters provide similar functionality
but with differing historical backgrounds. The resource parameter is based on
the resource request attribute which is set by the login servlet to indicate
the original target resource the client desired when it was forced to
authenticate. The sling.auth.redirect parameter can be used by clients
(applications like cURL or plain HTML forms) to request being redirected after
successful login. If both parameters are set, the sling.auth.redirect parameter
takes precedence.
{quote}
However, the
[DefaultJakartaAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java#L32C14-L32C57]
and
https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java#L33
only evaluate {{sling.auth.redirect}}.
In order to reduce the number of parameters necessary, it would be good to issue
a redirect considering {{resource}} in case {{sling.auth.redirect}} is not set
(as in most cases it is the desired behaviour to redirect to the resource which
originally triggered the login).
> Default(Jakarta)AuthenticationFeedbackHandler should evaluate "resource"
> parameter as fallback for "sling.auth.redirect"
> ------------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-13025
> URL: https://issues.apache.org/jira/browse/SLING-13025
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: Auth Core 2.0.2
> Reporter: Konrad Windszus
> Priority: Major
>
> As outlined in
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html#phase-1-form-submission
> {quote}
> The resource and sling.auth.redirect parameters provide similar functionality
> but with differing historical backgrounds. The resource parameter is based on
> the resource request attribute which is set by the login servlet to indicate
> the original target resource the client desired when it was forced to
> authenticate. The sling.auth.redirect parameter can be used by clients
> (applications like cURL or plain HTML forms) to request being redirected
> after successful login. If both parameters are set, the sling.auth.redirect
> parameter takes precedence.
> {quote}
> However, the
> [DefaultJakartaAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java#L32C14-L32C57]
> and
> [DefaultAuthenticationFeedbackHandler|https://github.com/apache/sling-org-apache-sling-auth-core/blob/b8409ee840277cfaeb1f58c8648259b811f7789e/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java#L33]
> only evaluate {{sling.auth.redirect}}.
> In order to reduce the number of parameters necessary, it would be good to
> issue a redirect considering {{resource}} in case {{sling.auth.redirect}} is
> not set (as in most cases it is the desired behaviour to redirect to the
> resource which originally triggered the login).
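The lookup order requested in this issue, as an added example that is not code from sling-auth-core: {{sling.auth.redirect}} takes precedence, {{resource}} is the fallback, and because the fallback makes a second request parameter a redirect source, the same target check is applied to whichever one supplies the value. The class, its method names, the map-based parameter access and the local-path policy are assumptions for illustration; the real handlers read the parameters from the servlet request.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Optional;

/** Illustration only: hypothetical helper, not part of sling-auth-core. */
public class RedirectTargetResolver {

    // Parameter names as given in the issue description.
    static final String REDIRECT_PARAMETER = "sling.auth.redirect";
    static final String RESOURCE_PARAMETER = "resource";

    /** Returns the post-login redirect target, or empty if none is usable. */
    static Optional<String> resolve(Map<String, String> params) {
        String target = params.get(REDIRECT_PARAMETER);
        if (target == null || target.isEmpty()) {
            // Fallback proposed in the issue: use "resource" when
            // "sling.auth.redirect" is not set.
            target = params.get(RESOURCE_PARAMETER);
        }
        // A set but unacceptable "sling.auth.redirect" does not fall back to
        // "resource"; the request simply gets no redirect.
        if (target == null || target.isEmpty() || !isLocalPath(target)) {
            return Optional.empty();
        }
        return Optional.of(target);
    }

    /** Assumed policy: only an absolute path on the same host is accepted. */
    static boolean isLocalPath(String target) {
        if (!target.startsWith("/") || target.startsWith("//") || target.contains("\\")) {
            return false;
        }
        try {
            // URI parsing also rejects control characters such as CR and LF.
            URI uri = new URI(target);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample parameter sets, not captured traffic.
        System.out.println(resolve(Map.of(RESOURCE_PARAMETER, "/content/a.html")));
        System.out.println(resolve(Map.of(REDIRECT_PARAMETER, "/content/b.html",
                                          RESOURCE_PARAMETER, "/content/a.html")));
        System.out.println(resolve(Map.of(RESOURCE_PARAMETER, "//other.example/a")));
    }
}
```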