Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue 566: isFullyAuthenticated() leads to redirect-loop in Grails 3.3.x
The issue appears to be related to the order in which the RememberMe filter was being loaded. This was resulting in a redirect loop caused by the `AccessDeniedException` being repeatedly thrown and then handled by the `ExceptionTranslationFilter`. The `AccessDeniedException` was being thrown because it was always checking the original requested URL, in this case `/role/index`. The request to `/role/index` is expected to throw an `AccessDeniedException` because that url is marked as requiring full authentication. Auto logging in with a RememberMe token is not considered to be fully authenticated. The problem was, it kept rechecking that original requested URL and never properly redirected to /login/auth. Reordering of the filters allows the filter chain to proceed as expected.
- Loading branch information
d8757fa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change breaks remember me functionality. Details added to issue: #593.