[SLING-1588] form auth can create an endless redirect loop - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Form Based Authentication 1.0.0
Component/s: Authentication
Labels:
None

Description

Steps to reproduce (I'm sure there's more than one way to reproduce this):

Take trunk launchpad and add formauth bundle
Set service.ranking of FormAuthenticationHandler to > 0

Then...
curl -v -b sling.formauth=garbage http://localhost:8888/index.html

redirects to http://localhost:8888/system/sling/form/login?resource=%2Findex.html&j_reason=TIMEOUT

so try this url:

curl -v -b sling.formauth=garbage http://localhost:8888/system/sling/form/login?resource=%2Findex.html\&j_reason=TIMEOUT

which redirects to:

http://localhost:8888/system/sling/form/login?resource=%2Fsystem%2Fsling%2Fform%2Flogin&j_reason=TIMEOUT

requesting that url with a garbage cookie redirects again and again and again...

workaround is to enable the "Include Form" option.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Justin Edelson

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 05/Jul/10 18:12

Updated:: 27/Aug/10 08:53

Resolved:: 28/Jul/10 15:34