[
https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin....
]
Darran Lofthouse commented on WFLY-7105:
----------------------------------------
This issue is being triggered by how Undertow is setting the requestPath within the
HttpServerExchange.
In my own testing my application is deployed at
http://loclahost:8080/HelloWorld, from
here I click on a link to /HelloWorld/secured-page as I have a welcome page so within
ServletInitialHandler this block of code is executed: -
{code:java}
} else if (info.getType() == ServletPathMatch.Type.REWRITE) {
//this can only happen if the path ends with a /
//otherwise there would be a redirect instead
exchange.setRelativePath(info.getRewriteLocation());
exchange.setRequestPath(exchange.getRequestPath() +
info.getRewriteLocation());
}
{code}
The original request path was '/HelloWorld/secured-page/' so by concatenating it
with the output from info.getRewriteLocation() we end up with
'/HelloWorld/secured-page//secured-page/index.html' - maybe this should be using
the resolved path instead of the request path?
Incorrect redirection after authentization when using elytron
-------------------------------------------------------------
Key: WFLY-7105
URL:
https://issues.jboss.org/browse/WFLY-7105
Project: WildFly
Issue Type: Bug
Components: Security, Web (Undertow)
Reporter: Radim Hatlapatka
Assignee: Stuart Douglas
Priority: Critical
Attachments: defined-security-domain.war, roles.properties,
standalone-elytron-web-tests.xml, users.properties
Having web application which uses defined security domain, which is set up using elytron
results in incorrect redirection. It is redirecting after authentication done at
{{http://localhost:8080/defined-security-domain/user/}} to
{{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to
{{http://localhost:8080/defined-security-domain/user/index.jsp}}.
Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)