Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
0.7.6, 0.7.7
-
None
-
true
Description
When SecurityFilter redirects to login.url, when the login is needed, it doesn't check if it can. This makes it impossible for any LoginInterceptor to request any redirection. (Which is useful : I want to redirect to a different page when the user has a wrong user/pass, otherwise I can't make a difference between "not logged in" and "tried to login with wrong user/pass", since the login status in stored in the request: it gets lost after the redirection)
With the simple attached patch, SecurityFilter only redirects if the !response.isCommited() (which is normally false as long as no response was written, and is turned to true if a LoginFilter calls response.sendRedirect(..) for instance)
Hope this gets applied,
Cheers,
g