Details
- Bug
- Resolution: Fixed
- Medium
- 2.5.1
- true
Description
The end of the doFilter method in BaseLoginFilter contains this code:
```java
        // if we successfully logged in - look for an original URL to forward to
        if (LOGIN_SUCCESS.equals(status) && redirectToOriginalDestination(httpServletRequest, httpServletResponse))
        {
            return;
        }

        // NOTE : LOGIN_NOATTEMPT is a symbolic constant for null which is a language level symbolic constant for...well...null
        //noinspection StringEquality
        if (status == LOGIN_NOATTEMPT)
        {
            issuePossibleRedirectIfUserIsAlreadyLoggedIn(httpServletRequest, httpServletResponse);
        }
    }

    filterChain.doFilter(httpServletRequest, httpServletResponse);
```
The problem is that if issuePossibleRedirectIfUserIsAlreadyLoggedIn does in fact issue a redirect, it should exit immediately rather than continuing the filter chain, which can lead to an IllegalStateException.
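The failure mode described above, reproduced as an added example that is not the project's code or its actual fix. The `Response` class is a minimal stand-in for the servlet response (it models only the rule that a committed response cannot be redirected again), and `redirectIfAlreadyLoggedIn`, `filterBefore`, `filterAfter` and the URLs are hypothetical names; returning a boolean from the helper is an assumption about one way to let the caller exit early.

```java
import java.util.function.Consumer;

public class RedirectThenChainDemo {
    // Stand-in for the servlet response: once a redirect is sent, the
    // response is committed and a second redirect is an illegal state.
    static class Response {
        private boolean committed;
        String location;

        void sendRedirect(String url) {
            if (committed) throw new IllegalStateException("response already committed");
            committed = true;
            location = url;
        }
    }

    // Hypothetical helper: reports whether it issued a redirect.
    static boolean redirectIfAlreadyLoggedIn(boolean loggedIn, Response res) {
        if (!loggedIn) return false;
        res.sendRedirect("/home");
        return true;
    }

    // Shape described in the report: the chain runs even after a redirect.
    static void filterBefore(boolean loggedIn, Response res, Consumer<Response> chain) {
        redirectIfAlreadyLoggedIn(loggedIn, res);
        chain.accept(res);
    }

    // Early-return shape: stop processing once the redirect has been issued.
    static void filterAfter(boolean loggedIn, Response res, Consumer<Response> chain) {
        if (redirectIfAlreadyLoggedIn(loggedIn, res)) return;
        chain.accept(res);
    }

    public static void main(String[] args) {
        // Constructed downstream handler that also tries to redirect.
        Consumer<Response> chain = r -> r.sendRedirect("/login");
        try {
            filterBefore(true, new Response(), chain);
        } catch (IllegalStateException e) {
            System.out.println("before: IllegalStateException: " + e.getMessage());
        }
        Response ok = new Response();
        filterAfter(true, ok, chain);
        System.out.println("after: single redirect to " + ok.location);
    }
}
```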