Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-3443

Parameter based redirection in FormAuthenticationHandler should not handle absolute urls

    XMLWordPrintableJSON

Details

    Description

      Suppose your login url is: http://blah/blah?resource=http://www.google.com

      Then after login succeeds, user would be redirected to http://www.google.com

      Will be submitting a pull request for this.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SLING-3141 AbstractAuthenticationFormServlet should make sure resource is a valid redirect

          • Major - Major loss of function.
          • Closed

          Activity

            People

              cziegeler Carsten Ziegeler
              bond_ Raviteja Lokineni
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 48h
                  48h
                  Remaining:
                  Remaining Estimate - 48h
                  48h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified