Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-44

In SecurityFilter, only redirect to "login.url", when login required, if possible

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Medium
    • 0.7.9
    • 0.7.6, 0.7.7
    • None
    • true

    Description

      When SecurityFilter redirects to login.url, when the login is needed, it doesn't check if it can. This makes it impossible for any LoginInterceptor to request any redirection. (Which is useful : I want to redirect to a different page when the user has a wrong user/pass, otherwise I can't make a difference between "not logged in" and "tried to login with wrong user/pass", since the login status in stored in the request: it gets lost after the redirection)

      With the simple attached patch, SecurityFilter only redirects if the !response.isCommited() (which is normally false as long as no response was written, and is turned to true if a LoginFilter calls response.sendRedirect(..) for instance)

      Hope this gets applied,

      Cheers,

      g

      Attachments

        Activity

          People

            Unassigned Unassigned
            6b4b1b72e35c Grégory Joseph
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              18 years, 41 weeks, 6 days ago