[jira] [Created] (SLING-5629) redirectAfterLogout appends servlet context to the target, when it's already there

Guillaume Lucazeau (JIRA) Thu, 24 Mar 2016 08:34:40 -0700

Guillaume Lucazeau created SLING-5629:
-----------------------------------------


             Summary: redirectAfterLogout appends servlet context to the 
target, when it's already there
                 Key: SLING-5629
                 URL: https://issues.apache.org/jira/browse/SLING-5629
             Project: Sling
          Issue Type: Bug
          Components: Authentication
    Affects Versions: Auth Core 1.3.12
            Reporter: Guillaume Lucazeau


In SlingAuthenticator.redirectAfterLogout, a call is made to 
AuthUtil.isRedirectValid(request, target) which expects the target to contain 
the servlet context path.

When the validation is made, the call for redirection appends the servlet 
context to the same target, leading to a duplicated context:
Line 1417: response.sendRedirect(request.getContextPath() + target);

Calling 
http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html 
redirects to http://localhost:8080/dev/dev/content/node1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (SLING-5629) redirectAfterLogout appends servlet context to the target, when it's already there

Reply via email to