[jboss-jira] [JBoss JIRA] (WFLY-13379) Redirect after "j_security_check" login does not work if URL has no trailing slash

Brian Stansberry (Jira) issues at jboss.org
Tue Apr 21 17:03:51 EDT 2020 

    [ https://issues.redhat.com/browse/WFLY-13379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049729#comment-14049729 ] 

Brian Stansberry commented on WFLY-13379:
-----------------------------------------

Possible workarounds:

{code}
/subsystem=undertow/configuration=filter/rewrite=test-rewrite-slash:add(redirect="true",target="%U/")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=test-rewrite-slash:add(predicate="equals(%R,/context)")
{code}

or

{code}
/subsystem=undertow/configuration=filter/expression-filter=app-slash:add(expression="redirect('%U/')")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=app-slash:add(predicate="method(GET) and regex(pattern=/context, value=%U, full-match=true)")
{code}

> Redirect after "j_security_check" login does not work if URL has no trailing slash
> ----------------------------------------------------------------------------------
>
>                 Key: WFLY-13379
>                 URL: https://issues.redhat.com/browse/WFLY-13379
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 19.0.0.Final
>            Reporter: Wolfgang Knauf
>            Assignee: Darran Lofthouse
>            Priority: Major
>         Attachments: Security.ear, configure.cli, restore-configuration.cli
>
>
> Attached file "Security.ear" contains a web application with a single jsp page "index.jsp" and form based login, which is secured by a Database Identity Store (Elytron). 
> When calling the root URL of the webapp without specifiying any page and {color:red}*no*{color} trailing slash (http://localhost:8080/SecurityWeb), on WildFly 11 the login form is shown, and then the welcome file "index.jsp" is shown.
> On WildFly 19, the login form is shown, and after successful login, there is an error message "404 - Not Found", and the URL in the adress bar changes to http://localhost:8080/j_security_check
> It works if the URL is "http://localhost:8080/SecurityWeb/" (trailing slash). It seems WildFly 11 appends the "/" automatically when redirecting to the login form, while WildFly 19 keeps this URL.
> To run the sample, you have to add the Elytron config - the script "configure.cli" can be used for this: 
> jboss-cli.bat --file=path_to\configure.cli
> The script "restore-configuration.cli" undoes this configuration.
> Username/Password are e.g. "admin"/"admin" - the sample creates a user table based on an ejb and "import.sql" inserts users.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list