[jira] [Commented] (SLING-5629) redirectAfterLogout prepends servlet context to the target, when it's already there

Thu, 24 Mar 2016 09:49:50 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15210536#comment-15210536
 ] 

ASF GitHub Bot commented on SLING-5629:
---------------------------------------

GitHub user glucazeau opened a pull request:

    https://github.com/apache/sling/pull/132

    SLING-5629: do not prepend servlet context path on the target

    Remove prepend of servlet context in redirectAfterLogout, as it is required 
to be in the redirection target by AuthUtil.isRedirectValid

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/glucazeau/sling trunk

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/sling/pull/132.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #132
    
----
commit 1fb198794327b452be0ae8c33e0407eccd149194
Author: Guillaume Lucazeau <[email protected]>
Date:   2016-03-24T15:56:32Z

    SLING-5629: do not prepend servlet context path on the target

----


> redirectAfterLogout prepends servlet context to the target, when it's already 
> there
> -----------------------------------------------------------------------------------
>
>                 Key: SLING-5629
>                 URL: https://issues.apache.org/jira/browse/SLING-5629
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.12
>            Reporter: Guillaume Lucazeau
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to 
> AuthUtil.isRedirectValid(request, target) which expects the target to contain 
> the servlet context path.
> When the validation is made, the call for redirection appends the servlet 
> context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling 
> http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html
>  redirects to http://localhost:8080/dev/dev/content/node1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to