[jira] [Commented] (SLING-5629) redirectAfterLogout prepends servlet context to the target, when it's already there

ASF GitHub Bot (JIRA) Fri, 10 Jun 2016 03:14:21 -0700

    [ 
https://issues.apache.org/jira/browse/SLING-5629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15324173#comment-15324173
 ]


ASF GitHub Bot commented on SLING-5629:
---------------------------------------

Github user glucazeau closed the pull request at:

    https://github.com/apache/sling/pull/132


> redirectAfterLogout prepends servlet context to the target, when it's already 
> there
> -----------------------------------------------------------------------------------
>
>                 Key: SLING-5629
>                 URL: https://issues.apache.org/jira/browse/SLING-5629
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Auth Core 1.3.12
>            Reporter: Guillaume Lucazeau
>            Assignee: Carsten Ziegeler
>             Fix For: Auth Core 1.3.14
>
>
> In SlingAuthenticator.redirectAfterLogout, a call is made to 
> AuthUtil.isRedirectValid(request, target) which expects the target to contain 
> the servlet context path.
> When the validation is made, the call for redirection appends the servlet 
> context to the same target, leading to a duplicated context:
> Line 1417: response.sendRedirect(request.getContextPath() + target);
> Calling 
> http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node1.html
>  redirects to http://localhost:8080/dev/dev/content/node1.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SLING-5629) redirectAfterLogout prepends servlet context to the target, when it's already there

Reply via email to