Thank you Carsten, I've created this ticket: https://issues.apache.org/jira/browse/SLING-5629
Best regards, Guillaume On Thu, Mar 24, 2016 at 3:47 PM, Carsten Ziegeler <[email protected]> wrote: > Thanks for investigating, I think creating an issue makes sense. I > haven't used this for some time, but I think to remember that there was > an issue > > Regards > Carsten > > Guillaume Lucazeau wrote > > I've built and deployed org.apache.sling.auth.core-1.3.13-SNAPSHOT with > > changing SlingAuthenticator.redirectAfterLogout from: > > > > // redirect to there > > try { > > response.sendRedirect(request.getContextPath() + target); > > > > to: > > // redirect to there > > try { > > response.sendRedirect(target); > > > > And it works like a charm. > > > > Is anyone using redirection after logout without problem? Or should I > > report a Jira about this issue? > > > > Thank you > > Regards, > > Guillaume > > > > On Wed, Mar 23, 2016 at 6:28 PM, Guillaume Lucazeau <[email protected] > > > > wrote: > > > >> Hello, > >> > >> Probably a stupid question again with a simple answer, but really cannot > >> figure it out: > >> > >> I was trying to redirect the user to the loginForm resource after > logout, > >> but I end with a double context (/dev/dev/apps/loginForm) if I add it to > >> the resource parameter. If I don't, "AuthUtil.isRedirectValid" returns > >> false. > >> > >> This seems to be the topic of this Jira: SLING-2392 [1] > >> However, when debugging, I see that the "problem" is here, in > >> SlingAuthenticator: > >> > >> response.sendRedirect(request.getContextPath() + target); > >> > >> The target already has the servlet context here. > >> > >> I've tried with Sling launchpad 7, where I've upgraded > >> org.apache.sling.auth.form to 1.0.8 and org.apache.sling.auth.core to > >> 1.3.12, both are latest versions. > >> > >> I've then tried with a clean Sling launchpad 8, upgraded > >> org.apache.sling.auth.core to 1.3.12 and this very simple scenario: > >> > >> - 2 resources: /content/node1 and /content/node2, both has > >> sling:resourceType=test/node > >> - A JSP view under /apps/node : > >> <%@page session="false"%> > >> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %> > >> <%@ taglib prefix="sling" uri="http://sling.apache.org/taglibs/sling"%> > >> <%@ page import="org.apache.sling.api.resource.Resource" %> > >> <sling:defineObjects/> > >> Resource: ${resource}<br /> > >> <a > >> > href="${pageContext.request.contextPath}/system/sling/logout?resource=${pageContext.request.contextPath}/content/node2.html"><span > >> class="red">Logout</span></a> > >> > >> I log in with admin user, browse to > http://localhost:8080/dev/node1.html > >> and see my page with this: Resource: JcrNodeResource, type=test/node, > >> superType=null, path=/content/node1 > >> > >> The URL of the logout link is: > >> > http://localhost:8080/dev/system/sling/logout?resource=/dev/content/node2.html > >> > >> If I click the link, I'm sent to > >> http://localhost:8080/dev/dev/content/node2.html. Removing one "/dev" > >> sends me on the right page. Without the servlet context in the url, I > get > >> this log message: > >> org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target > >> '/content/node2.html' does not start with servlet context path '/dev' > >> > >> Could someone please point me out what I'm missing here? Is there > another > >> bundle to upgrade? > >> > >> Thank you very much again for any help :) > >> > >> Best regards, > >> Guillaume > >> > >> [1] https://issues.apache.org/jira/browse/SLING-2392 > >> > > > > > > -- > Carsten Ziegeler > Adobe Research Switzerland > [email protected] >
