[jira] [Assigned] (SLING-5629) redirectAfterLogout prepends servlet context to the target, when it's already there

Carsten Ziegeler (JIRA) Mon, 28 Mar 2016 06:24:20 -0700

     [ 
https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Carsten Ziegeler reassigned SLING-5629:
---------------------------------------

    Assignee: Carsten Ziegeler

> redirectAfterLogout prepends servlet context to the target, when it's already 
> there
> -----------------------------------------------------------------------------------
>
>                 Key: SLING-5629
>                 URL: https://issues.apache.org/jira/browse/SLING-5629
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.12
>            Reporter: Guillaume Lucazeau
>            Assignee: Carsten Ziegeler
>             Fix For: Auth Core 1.3.14
>
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to 
> AuthUtil.isRedirectValid(request, target) which expects the target to contain 
> the servlet context path.
> When the validation is made, the call for redirection appends the servlet 
> context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling 
> http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html
>  redirects to http://localhost:8080/dev/dev/content/node1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Assigned] (SLING-5629) redirectAfterLogout prepends servlet context to the target, when it's already there

Reply via email to