[jira] [Commented] (SLING-8320) Session Attribute Hash Storage does not work in Form Based Authentication Handler

Wed, 20 Mar 2019 02:42:25 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-8320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16796967#comment-16796967
 ] 

Robert Munteanu commented on SLING-8320:
----------------------------------------

Thanks for the report [~reggie_7]. I can reproduce the problem, with the 
following notes:

- after switching the session storage I can no longer log in to the web console
- the starter page and the composum browser correctly recognise the logged in 
user as admin

So the problem is isolated to the web console login. I will update the issue 
title to reflect that.

And of course a pull request would help getting this fixed faster :-)

> Session Attribute Hash Storage does not work in Form Based Authentication 
> Handler
> ---------------------------------------------------------------------------------
>
>                 Key: SLING-8320
>                 URL: https://issues.apache.org/jira/browse/SLING-8320
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>    Affects Versions: Starter 11, Form Based Authentication 1.0.12
>         Environment: Windows 10 Pro 64bit
> Java 1.8.0_92
> Chrome 72.0.3626.121, Firefox 65.0.2
>            Reporter: Radosław Wesołowski
>            Priority: Major
>         Attachments: Session Attribute in Form Authentication.avi
>
>
> {color:#f79232}*Session Attribute*{color} {color:#14892c}[Hash 
> Storage|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerConfig.java#L48]{color}
>  does not work in [Form Based Authentication 
> Handler|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java#L864].
>  Using this configuration option breaks the possibility to log into a Sling 
> instance properly.
> The attached video shows the issue steps:
>  # Login to a Sling instance (at e.g. [localhost:8080|http://localhost:8080/])
>  # Open [Apache Sling Form Based Authentication Handler 
> configuration|http://localhost:8080/system/console/configMgr/org.apache.sling.auth.form.FormAuthenticationHandler]
>  # Set *{color:#14892c}[Hash 
> Storage|https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandlerConfig.java#L48]{color}*
>  option to {color:#f79232}*Session Attribute*{color}
>  # Refresh [/system/console|http://localhost:8080/system/console]
> As the result one can no longer properly login.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to