  1. Sling
  2. SLING-10383

Do not check for redirect loops when a login fails due to an expired token

Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Auth Core 1.5.4
    • Component/s: Authentication
    • Labels: None

    Description

      Authentication tokens issued by Oak ( https://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanagement.html ) have an expiry time. The following scenario can happen:

      • user is logged in to page at /content/foo.html
      • authentication token expires
      • user clicks a link that takes them to the same page - /content/foo.html

      Due to the Referer header check in SlingAuthenticator.isLoginLoop the request is considered as part of a loop and does not trigger a redirect to the login page.

      We should skip the loop check for expired credentials instead and allow the redirect login to be created.
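
      The decision described above, as an added example that is not part of the original issue and is not Sling's code. The class, enum and method names other than isLoginLoop are hypothetical, and the same-path Referer comparison is an assumed simplification of the real check.

```java
import java.net.URI;

/** Simplified model of the redirect decision in this issue (illustration only). */
public class LoginLoopDemo {

    /** Hypothetical failure reasons; Sling's own types are not reproduced here. */
    enum FailureReason { INVALID_CREDENTIALS, EXPIRED_TOKEN }

    /** Assumed Referer heuristic: the request comes from the page it is asking for. */
    static boolean isLoginLoop(String referer, String requestPath) {
        if (referer == null) {
            return false;
        }
        try {
            return requestPath.equals(URI.create(referer).getPath());
        } catch (IllegalArgumentException e) {
            return false; // unparseable Referer: treat as no loop
        }
    }

    /** Reported behaviour: the loop check runs whatever the failure reason. */
    static boolean redirectBefore(String referer, String path, FailureReason reason) {
        return !isLoginLoop(referer, path);
    }

    /** Requested behaviour: expired credentials skip the loop check. */
    static boolean redirectAfter(String referer, String path, FailureReason reason) {
        if (reason == FailureReason.EXPIRED_TOKEN) {
            return true; // session ended on its own, so always offer the login page
        }
        // Other failures keep the loop guard, so a failing login form
        // that posts back to itself still cannot redirect forever.
        return !isLoginLoop(referer, path);
    }

    public static void main(String[] args) {
        // Constructed request: user is on /content/foo.html and clicks a link to the same page.
        String referer = "https://example.org/content/foo.html";
        String path = "/content/foo.html";
        System.out.println("before, expired token:   redirect="
                + redirectBefore(referer, path, FailureReason.EXPIRED_TOKEN));
        System.out.println("after,  expired token:   redirect="
                + redirectAfter(referer, path, FailureReason.EXPIRED_TOKEN));
        System.out.println("after,  bad credentials: redirect="
                + redirectAfter(referer, path, FailureReason.INVALID_CREDENTIALS));
    }
}
```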

            People

              Assignee: rombert Robert Munteanu
              Reporter: rombert Robert Munteanu
              Votes: 0
              Watchers: 1

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 2h