[jira] [Comment Edited] (SLING-7414) WebConsole security provider 1.1.0 or newer do not work with the Sling Starter

Mon, 15 Oct 2018 07:27:11 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16650289#comment-16650289
 ] 

Robert Munteanu edited comment on SLING-7414 at 10/15/18 2:26 PM:
------------------------------------------------------------------

As far as I can tell, the problem is that the default login page uses an action 
URL of {{${requestContextPath}/j_security_check}} . When the url is 
{{/system/console}}, the form is POST-ed to 
{{/system/console/j_security_check}}. In that scenario, the username and 
password request parameters are not available to the {{SlingAuthenticator}}. A 
simple fix is to POST the request to a different URL, for instance 
{{${contextPath}/j_security_check.}}


was (Author: rombert):
As far as I can tell, the problem is that the default login page uses an action 
URL of {{${requestContextPath}/j_security_check}} . When the url is 
{{/system/console}}, the form is POST-ed to 
{{/system/console/j_security_check}}. In that scenario, the username and 
password request parameters are not available to the {{SlingAuthenticator}}. A 
simple fix is to POST the request to a different URL, for instance 
${contextPath}/j_security_check.

> WebConsole security provider 1.1.0 or newer do not work with the Sling Starter
> ------------------------------------------------------------------------------
>
>                 Key: SLING-7414
>                 URL: https://issues.apache.org/jira/browse/SLING-7414
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: Form Based Authentication 1.0.10
>            Reporter: Robert Munteanu
>            Assignee: Robert Munteanu
>            Priority: Critical
>             Fix For: Form Based Authentication 1.0.12
>
>
> When upgrading the webconsole security provider in the Sling starter to 
> 1.2.0, the following problems occur:
> * the SmokeIT fails since accessing {{/system/console/bundles.json}} 
> redirects to an HTML login form
> * accessing the OSGi console at {{/system/console}} presents a login form at 
> http://localhost:8080/system/sling/form/login?resource=%2Fsystem%2Fconsole, 
> but then redirects to http://localhost:8080/system/console/j_security_check . 
> Re-accessing {{/system/console}} brings up the login form again.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to