Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9873

[GSS] (7.1.0) FormAuthenticationMechanism.sendRedirect computes wrong location header value

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR16
    • 7.0.4.GA
    • Undertow
    • None
    • Hide

      1. Consider /system/console is a protected URL and if we hit this url a login page is shown.
      2. provide login details
      3. Login was successful, I should get back to /system/console
      4. It did not work as expected.

      Show
      1. Consider /system/console is a protected URL and if we hit this url a login page is shown. 2. provide login details 3. Login was successful, I should get back to /system/console 4. It did not work as expected.

      After successful authentication FormAuthenticationMechanism calls handleRedirectBack method which in turn first gets the LOCATION_ATTRIBUTE from session which is the complete URL and not the relative one e.g (http://localhost:9007/system/console) which further calls the sendRedirect method.

      Now sendRedirect method computes the location like this:

      // TODO - String concatenation to construct URLS is extremely error prone - switch to a URI which will better handle this.
      String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + location;

      since location was already a complete URL prepending "exchange.getRequestScheme() + "://" + exchange.getHostAndPort()" malformed the url which becomes like this:

      http://localhost:9007http://localhost:9007/system/console

      which is wrong and due to this the redirect doesn't work at all.

      Please look into this.

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhn-support-sshriram Saurabh Shriramwar (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: