absolute redirection in ACEGI code base problematic
This topic is closed

  • absolute redirection in ACEGI code base problematic

    When re-directing a non-authenticated user, class AuthenticationProcessingFilterEntryPoint builds an absolute URL.
    This leads to problems in a customer environment where our server (Weblogic, clustered) is behind a load-balancer and may NOT be accessed directly.
    Theoretically the customer can configure the load balancer to overcome this but this is perceived as requiring configuration changes in an active web-farm because of a specific app. Bad karma.

    Does anyone have a clue why absolute redirection is used?
    Are there any plans to make it relative?

    I can change the code locally, but am worried that I am missing some major point.

    Thanks for any answer!

  • #2
    AuthenticationProcessingFilterEntryPoint generates an absolute URL because it needs to support the scheme name (http/https) because of the AuthenticationProcessingFilterEntryPoint.forceHttps property.

    There is no problem with writing your own implementation of AuthenticationEntryPoint that behaves differently. It will work just fine.



    • #3
      Let's take this further

      In AuthenticationProcessingFilterEntryPoint you use an absolute URL regardless of the forceHttps flag.
      I think a better implementation would be to use an absolute URL iff you change protocol during the redirect.
      I'll gladly donate my implementation on this as a fix to AuthenticationProcessingFilterEntryPoint, unless I am missing some point.



      • #4
        Re: Let's take this further

        Originally posted by ospector
        I'll gladly donate my implementation on this as a fix to AuthenticationProcessingFilterEntryPoint, unless I am missing some point.
        No problem, please feel free to submit a patch to JIRA.



        • #5
          Submitted to JIRA, including fix

          http://opensource.atlassian.com/proj.../browse/SEC-63

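The rule proposed in #3 (an absolute URL only when the redirect changes protocol), as an added sketch that is not part of the thread, not the patch attached to SEC-63 and not Acegi code. `LoginRedirect`, its `target` method and the HTTP-to-HTTPS port table are hypothetical names and values chosen for illustration.

```java
import java.util.Map;

/** Hypothetical helper, not Acegi code: picks the login redirect target. */
public final class LoginRedirect {

    // Assumed HTTP -> HTTPS port pairs for this sketch; adjust to the deployment.
    private static final Map<Integer, Integer> HTTPS_PORTS = Map.of(80, 443, 8080, 8443);

    private LoginRedirect() { }

    /**
     * Returns a context-relative path unless the redirect has to switch from
     * http to https; only then is scheme://host[:port] required.
     */
    public static String target(String scheme, String serverName, int serverPort,
                                String contextPath, String loginFormUrl,
                                boolean forceHttps) {
        String path = contextPath + loginFormUrl;
        if (!forceHttps || "https".equalsIgnoreCase(scheme)) {
            // No protocol change: nothing here is built from the server's own
            // view of its scheme, host name or port.
            return path;
        }
        Integer httpsPort = HTTPS_PORTS.get(serverPort);
        if (httpsPort == null) {
            // Fail closed: never fall back to a plain-http login page.
            throw new IllegalStateException("no HTTPS port known for port " + serverPort);
        }
        // Protocol change: an absolute URL is unavoidable. serverName is what
        // the container saw, which behind a load balancer may be an internal
        // host name unless the balancer passes the public one through.
        String port = (httpsPort == 443) ? "" : ":" + httpsPort;
        return "https://" + serverName + port + path;
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the thread.
        System.out.println(target("http", "node1.internal", 7001, "/app", "/login.jsp", false));
        System.out.println(target("https", "www.example.com", 443, "/app", "/login.jsp", true));
        System.out.println(target("http", "www.example.com", 8080, "/app", "/login.jsp", true));
    }
}
```

The Servlet API documents `HttpServletResponse.sendRedirect` as converting a relative location to an absolute URL before sending it, so the host in the final `Location` header is then chosen by the container rather than by the entry point.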