[jboss-jira] [JBoss JIRA] (WFLY-13379) Redirect after "j_security_check" login does not work if URL has no trailing slash

Wolfgang Knauf (Jira) issues at jboss.org
Wed Apr 15 13:33:36 EDT 2020


     [ https://issues.redhat.com/browse/WFLY-13379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wolfgang Knauf updated WFLY-13379:
----------------------------------
    Description: 
Attached file "Security.ear" contains a web application with a single jsp page "index.jsp" and form based login, which is secured by a Database Identity Store (Elytron). 

When calling the root URL of the webapp without specifying any page and {color:red}*no*{color} trailing slash (http://localhost:8080/SecurityWeb), on WildFly 11 the login form is shown, and then the welcome file "index.jsp" is shown.
On WildFly 19, the login form is shown, and after successful login, there is an error message "404 - Not Found", and the URL in the address bar changes to http://localhost:8080/j_security_check

It works if the URL is "http://localhost:8080/SecurityWeb/" (trailing slash). It seems WildFly 11 appends the "/" automatically when redirecting to the login form, while WildFly 19 keeps this URL.

To run the sample, you have to add the Elytron config - the script "configure.cli" can be used for this: 
jboss-cli.bat --file=path_to\configure.cli
The script "restore-configuration.cli" undoes this configuration.

Username/Password are e.g. "admin"/"admin" - the sample creates a user table based on an ejb and "import.sql" inserts users.


  was:
Attached file "Security.ear" contains a web application with a single jsp page "index.jsp" and form based login, which is secured by a Database Identity Store (Elytron). 

When calling the root URL of the webapp without specifying any page and {color:red}*no *{color} trailing slash (http://localhost:8080/SecurityWeb), on WildFly 11 the login form is shown, and then the welcome file "index.jsp" is shown.
On WildFly 19, the login form is shown, and after successful login, there is an error message "404 - Not Found", and the URL in the address bar changes to http://localhost:8080/j_security_check

It works if the URL is "http://localhost:8080/SecurityWeb/" (trailing slash). It seems WildFly 11 appends the "/" automatically when redirecting to the login form, while WildFly 19 keeps this URL.

To run the sample, you have to add the Elytron config - the script "configure.cli" can be used for this: 
jboss-cli.bat --file=path_to\configure.cli
The script "restore-configuration.cli" undoes this configuration.

Username/Password are e.g. "admin"/"admin" - the sample creates a user table based on an ejb and "import.sql" inserts users.




> Redirect after "j_security_check" login does not work if URL has no trailing slash
> ----------------------------------------------------------------------------------
>
>                 Key: WFLY-13379
>                 URL: https://issues.redhat.com/browse/WFLY-13379
>             Project: WildFly
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 19.0.0.Final
>            Reporter: Wolfgang Knauf
>            Assignee: Brian Stansberry
>            Priority: Major
>         Attachments: Security.ear, configure.cli, restore-configuration.cli
>
>
> Attached file "Security.ear" contains a web application with a single jsp page "index.jsp" and form based login, which is secured by a Database Identity Store (Elytron). 
> When calling the root URL of the webapp without specifying any page and {color:red}*no*{color} trailing slash (http://localhost:8080/SecurityWeb), on WildFly 11 the login form is shown, and then the welcome file "index.jsp" is shown.
> On WildFly 19, the login form is shown, and after successful login, there is an error message "404 - Not Found", and the URL in the address bar changes to http://localhost:8080/j_security_check
> It works if the URL is "http://localhost:8080/SecurityWeb/" (trailing slash). It seems WildFly 11 appends the "/" automatically when redirecting to the login form, while WildFly 19 keeps this URL.
> To run the sample, you have to add the Elytron config - the script "configure.cli" can be used for this: 
> jboss-cli.bat --file=path_to\configure.cli
> The script "restore-configuration.cli" undoes this configuration.
> Username/Password are e.g. "admin"/"admin" - the sample creates a user table based on an ejb and "import.sql" inserts users.
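
Added example, not part of the original report and not WildFly code: standard relative-URL resolution reproduces both addresses quoted in the report. It assumes the login form posts to the relative action "j_security_check" (the report does not show the JSP) and that the form is rendered at the requested URL; the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

# Assumption: the login page posts to this relative action (not shown in the report).
FORM_ACTION = "j_security_check"


def login_post_target(login_page_url, action=FORM_ACTION):
    """Resolve the form action against the page URL as a browser does (RFC 3986, section 5)."""
    return urljoin(login_page_url, action)


def stays_in_context(url, context_path):
    """True if the URL's path is the context root or lies below it."""
    path = urlsplit(url).path
    root = context_path.rstrip("/")
    return path == root or path.startswith(root + "/")


def canonical_context_url(request_url, context_path):
    """URL to redirect to when the bare context root is requested without a
    trailing slash (query string preserved); None when no redirect is needed."""
    parts = urlsplit(request_url)
    if parts.path != context_path.rstrip("/"):
        return None
    return urlunsplit(parts._replace(path=parts.path + "/"))


if __name__ == "__main__":
    # The two request URLs from the report.
    for url in ("http://localhost:8080/SecurityWeb",
                "http://localhost:8080/SecurityWeb/"):
        target = login_post_target(url)
        print(url)
        print("  credentials POST to :", target)
        print("  inside /SecurityWeb :", stays_in_context(target, "/SecurityWeb"))
        print("  redirect first to   :", canonical_context_url(url, "/SecurityWeb"))
```

Without the trailing slash the last path segment "SecurityWeb" is replaced during resolution, so the credential POST leaves the application's context path; redirecting to the slash-terminated URL before the login form is rendered keeps it inside.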


