Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9873

[GSS] (7.1.0) FormAuthenticationMechanism.sendRedirect computes wrong location header value

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.DR16
    • 7.0.4.GA
    • Undertow
    • None
    • Hide

      1. Consider /system/console is a protected URL and if we hit this url a login page is shown.
      2. provide login details
      3. Login was successful, I should get back to /system/console
      4. It did not work as expected.

      Show
      1. Consider /system/console is a protected URL and if we hit this url a login page is shown. 2. provide login details 3. Login was successful, I should get back to /system/console 4. It did not work as expected.

    Description

      After successful authentication FormAuthenticationMechanism calls handleRedirectBack method which in turn first gets the LOCATION_ATTRIBUTE from session which is the complete URL and not the relative one e.g (http://localhost:9007/system/console) which further calls the sendRedirect method.

      Now sendRedirect method computes the location like this:

      // TODO - String concatenation to construct URLS is extremely error prone - switch to a URI which will better handle this.
      String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + location;

      since location was already a complete URL prepending "exchange.getRequestScheme() + "://" + exchange.getHostAndPort()" malformed the url which becomes like this:

      http://localhost:9007http://localhost:9007/system/console

      which is wrong and due to this the redirect doesn't work at all.

      Please look into this.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-884 FormAuthenticationMechanism.sendRedirect computes wrong location header value

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          incorporates

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-884 FormAuthenticationMechanism.sendRedirect computes wrong location header value

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9874 [GSS](7.0.z) UNDERTOW-884 FormAuthenticationMechanism.sendRedirect computes wrong location header value

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9874 [GSS](7.0.z) UNDERTOW-884 FormAuthenticationMechanism.sendRedirect computes wrong location header value

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-support-sshriram Saurabh Shriramwar (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: