[
https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-5629.
-------------------------------------
Resolution: Fixed
Thanks for your patch, Guillaume. It's applied in rev 1736885
I've also corrected the target if the redirect path is invalid
> redirectAfterLogout prepends servlet context to the target, when it's already
> there
> -----------------------------------------------------------------------------------
>
> Key: SLING-5629
> URL: https://issues.apache.org/jira/browse/SLING-5629
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.3.12
> Reporter: Guillaume Lucazeau
> Assignee: Carsten Ziegeler
> Fix For: Auth Core 1.3.14
>
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to
> AuthUtil.isRedirectValid(request, target) which expects the target to contain
> the servlet context path.
> When the validation is made, the call for redirection appends the servlet
> context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling
> http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html
> redirects to http://localhost:8080/dev/dev/content/node1.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
