I've built and deployed org.apache.sling.auth.core-1.3.13-SNAPSHOT with
changing SlingAuthenticator.redirectAfterLogout from:
// redirect to there
try {
response.sendRedirect(request.getContextPath() + target);
to:
// redirect to there
try {
response.sendRedirect(target);
And it works like a charm.
Is anyone using redirection after logout without problem? Or should I
report a Jira about this issue?
Thank you
Regards,
Guillaume
On Wed, Mar 23, 2016 at 6:28 PM, Guillaume Lucazeau <[email protected]>
wrote:
> Hello,
>
> Probably a stupid question again with a simple answer, but really cannot
> figure it out:
>
> I was trying to redirect the user to the loginForm resource after logout,
> but I end with a double context (/dev/dev/apps/loginForm) if I add it to
> the resource parameter. If I don't, "AuthUtil.isRedirectValid" returns
> false.
>
> This seems to be the topic of this Jira: SLING-2392 [1]
> However, when debugging, I see that the "problem" is here, in
> SlingAuthenticator:
>
> response.sendRedirect(request.getContextPath() + target);
>
> The target already has the servlet context here.
>
> I've tried with Sling launchpad 7, where I've upgraded
> org.apache.sling.auth.form to 1.0.8 and org.apache.sling.auth.core to
> 1.3.12, both are latest versions.
>
> I've then tried with a clean Sling launchpad 8, upgraded
> org.apache.sling.auth.core to 1.3.12 and this very simple scenario:
>
> - 2 resources: /content/node1 and /content/node2, both has
> sling:resourceType=test/node
> - A JSP view under /apps/node :
> <%@page session="false"%>
> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %>
> <%@ taglib prefix="sling" uri="http://sling.apache.org/taglibs/sling"%>
> <%@ page import="org.apache.sling.api.resource.Resource" %>
> <sling:defineObjects/>
> Resource: ${resource}<br />
> <a
> href="${pageContext.request.contextPath}/system/sling/logout?resource=${pageContext.request.contextPath}/content/node2.html"><span
> class="red">Logout</span></a>
>
> I log in with admin user, browse to http://localhost:8080/dev/node1.html
> and see my page with this: Resource: JcrNodeResource, type=test/node,
> superType=null, path=/content/node1
>
> The URL of the logout link is:
> http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node2.html
>
> If I click the link, I'm sent to
> http://localhost:8080/dev/dev/content/node2.html. Removing one "/dev"
> sends me on the right page. Without the servlet context in the url, I get
> this log message:
> org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target
> '/content/node2.html' does not start with servlet context path '/dev'
>
> Could someone please point me out what I'm missing here? Is there another
> bundle to upgrade?
>
> Thank you very much again for any help :)
>
> Best regards,
> Guillaume
>
> [1] https://issues.apache.org/jira/browse/SLING-2392
>
