Thanks for investigating, I think creating an issue makes sense. I
haven't used this for some time, but I think to remember that there was
an issue
Regards
Carsten
Guillaume Lucazeau wrote
> I've built and deployed org.apache.sling.auth.core-1.3.13-SNAPSHOT with
> changing SlingAuthenticator.redirectAfterLogout from:
>
> // redirect to there
> try {
> response.sendRedirect(request.getContextPath() + target);
>
> to:
> // redirect to there
> try {
> response.sendRedirect(target);
>
> And it works like a charm.
>
> Is anyone using redirection after logout without problem? Or should I
> report a Jira about this issue?
>
> Thank you
> Regards,
> Guillaume
>
> On Wed, Mar 23, 2016 at 6:28 PM, Guillaume Lucazeau <[email protected]>
> wrote:
>
>> Hello,
>>
>> Probably a stupid question again with a simple answer, but really cannot
>> figure it out:
>>
>> I was trying to redirect the user to the loginForm resource after logout,
>> but I end with a double context (/dev/dev/apps/loginForm) if I add it to
>> the resource parameter. If I don't, "AuthUtil.isRedirectValid" returns
>> false.
>>
>> This seems to be the topic of this Jira: SLING-2392 [1]
>> However, when debugging, I see that the "problem" is here, in
>> SlingAuthenticator:
>>
>> response.sendRedirect(request.getContextPath() + target);
>>
>> The target already has the servlet context here.
>>
>> I've tried with Sling launchpad 7, where I've upgraded
>> org.apache.sling.auth.form to 1.0.8 and org.apache.sling.auth.core to
>> 1.3.12, both are latest versions.
>>
>> I've then tried with a clean Sling launchpad 8, upgraded
>> org.apache.sling.auth.core to 1.3.12 and this very simple scenario:
>>
>> - 2 resources: /content/node1 and /content/node2, both has
>> sling:resourceType=test/node
>> - A JSP view under /apps/node :
>> <%@page session="false"%>
>> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %>
>> <%@ taglib prefix="sling" uri="http://sling.apache.org/taglibs/sling"%>
>> <%@ page import="org.apache.sling.api.resource.Resource" %>
>> <sling:defineObjects/>
>> Resource: ${resource}<br />
>> <a
>> href="${pageContext.request.contextPath}/system/sling/logout?resource=${pageContext.request.contextPath}/content/node2.html"><span
>> class="red">Logout</span></a>
>>
>> I log in with admin user, browse to http://localhost:8080/dev/node1.html
>> and see my page with this: Resource: JcrNodeResource, type=test/node,
>> superType=null, path=/content/node1
>>
>> The URL of the logout link is:
>> http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node2.html
>>
>> If I click the link, I'm sent to
>> http://localhost:8080/dev/dev/content/node2.html. Removing one "/dev"
>> sends me on the right page. Without the servlet context in the url, I get
>> this log message:
>> org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target
>> '/content/node2.html' does not start with servlet context path '/dev'
>>
>> Could someone please point me out what I'm missing here? Is there another
>> bundle to upgrade?
>>
>> Thank you very much again for any help :)
>>
>> Best regards,
>> Guillaume
>>
>> [1] https://issues.apache.org/jira/browse/SLING-2392
>>
>
--
Carsten Ziegeler
Adobe Research Switzerland
[email protected]
