Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure login/error page matching is done against the path in context.

This commit is contained in:
Jan Bartel 2011-10-14 14:39:46 +11:00
parent 9228a3f8dc
commit 4c0a3001e5
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jetty-jaspi/src/main/java/org/eclipse/jetty/security/jaspi/modules/FormAuthModule.java
View File

@ -160,7 +160,7 @@ public class FormAuthModule extends BaseAuthModule
System.err.println("FormAuthModule.validateRequest(info,subject,serviceSubject) for uri="+uri+" mandatory="+mandatory+" isLoginOrError="+isLoginOrErrorPage(uri));
// not mandatory or its the login or login error page don't authenticate
if (!mandatory || isLoginOrErrorPage(uri)) return AuthStatus.SUCCESS;
if (!mandatory || isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo()))) return AuthStatus.SUCCESS;
try
{
@ -297,6 +297,7 @@ public class FormAuthModule extends BaseAuthModule
public boolean isLoginOrErrorPage(String pathInContext)
{
System.err.println("ISLOGINORERRORPAGE? "+pathInContext+" error: "+_formErrorPath+" login:"+_formLoginPath);
return pathInContext != null && (pathInContext.equals(_formErrorPath) || pathInContext.equals(_formLoginPath));
}