  1. JBoss Enterprise Application Platform
  2. JBEAP-9874

[GSS](7.0.z) UNDERTOW-884 FormAuthenticationMechanism.sendRedirect computes wrong location header value


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • 7.0.8.CR1, 7.0.8.GA
    • 7.0.4.GA
    • Undertow
    • None
    • EAP 7.0.8

      After successful authentication, FormAuthenticationMechanism calls the handleRedirectBack method, which first gets the LOCATION_ATTRIBUTE from the session. This is the complete URL and not a relative one (e.g. http://localhost:9007/system/console). handleRedirectBack then calls the sendRedirect method.
      The sendRedirect method computes the location like this:
      // TODO - String concatenation to construct URLS is extremely error prone - switch to a URI which will better handle this.
      String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + location;
      Since location was already a complete URL, prepending exchange.getRequestScheme() + "://" + exchange.getHostAndPort() malforms the URL, which becomes:
      http://localhost:9007http://localhost:9007/system/console
      This is wrong, and because of it the redirect doesn't work at all.
      Please look into this.
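
The failure described in this report, reproduced next to a URI-based computation of the kind the TODO comment asks for. This is an added example, not Undertow's code or the fix shipped for this issue; the class and method names are hypothetical, and apart from the URL quoted in the report the sample locations are constructed.

```java
import java.net.URI;

public class RedirectLocationDemo {

    // The computation quoted in the report: scheme and host are always
    // prepended, whether or not the stored location is already absolute.
    static String concatenated(String scheme, String hostAndPort, String location) {
        return scheme + "://" + hostAndPort + location;
    }

    // Hypothetical URI-based alternative (not Undertow code): an absolute
    // location is kept as stored, a relative one is resolved against the
    // origin of the current request.
    static String resolved(String scheme, String hostAndPort, String location) {
        URI target = URI.create(location); // throws IllegalArgumentException on a malformed value
        if (target.isAbsolute()) {
            return target.toString();
        }
        URI base = URI.create(scheme + "://" + hostAndPort + "/");
        return base.resolve(target).toString();
    }

    public static void main(String[] args) {
        String scheme = "http";
        String hostAndPort = "localhost:9007";
        String[] storedLocations = {
            "http://localhost:9007/system/console", // value from the report (absolute)
            "/system/console",                      // constructed: path only
            "/system/console?tab=1"                 // constructed: path with query
        };
        for (String location : storedLocations) {
            System.out.println("stored    : " + location);
            System.out.println("concat    : " + concatenated(scheme, hostAndPort, location));
            System.out.println("URI-based : " + resolved(scheme, hostAndPort, location));
            System.out.println();
        }
    }
}
```

For the absolute value from the report, the concatenated form produces the doubled URL shown above, while the URI-based form returns the stored URL unchanged; for path-only values both forms agree.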

              spyrkob Bartosz Spyrko-Smietanko
              rhn-support-sshriram Saurabh Shriramwar (Inactive)
              Michael Cada Michael Cada
              Michael Cada Michael Cada