UNDERTOW-536 Form auth does not work when using URL rewriting

undertow-io · Sep 11, 2015 · fc1bd23 · fc1bd23
1 parent 4cfa723
commit fc1bd23
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/core/src/main/java/io/undertow/security/impl/FormAuthenticationMechanism.java b/core/src/main/java/io/undertow/security/impl/FormAuthenticationMechanism.java
@@ -92,7 +92,7 @@ private IdentityManager getIdentityManager(SecurityContext securityContext) {
     @Override
     public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange,
                                                        final SecurityContext securityContext) {
-        if (exchange.getRequestURI().endsWith(postLocation) && exchange.getRequestMethod().equals(Methods.POST)) {
+        if (exchange.getRequestPath().endsWith(postLocation) && exchange.getRequestMethod().equals(Methods.POST)) {
             return runFormAuth(exchange, securityContext);
         } else {
             return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
@@ -160,7 +160,7 @@ public boolean handleDefaultResponse(final HttpServerExchange exchange) {
     }
 
     public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
-        if (exchange.getRequestURI().endsWith(postLocation) && exchange.getRequestMethod().equals(Methods.POST)) {
+        if (exchange.getRequestPath().endsWith(postLocation) && exchange.getRequestMethod().equals(Methods.POST)) {
             // This method would no longer be called if authentication had already occurred.
             Integer code = servePage(exchange, errorPage);
             return new ChallengeResult(true, code);

diff --git a/servlet/src/test/java/io/undertow/servlet/test/security/form/ServletFormAuthTestCase.java b/servlet/src/test/java/io/undertow/servlet/test/security/form/ServletFormAuthTestCase.java
@@ -138,7 +138,7 @@ public boolean isRedirected(final HttpRequest request, final HttpResponse respon
             BasicNameValuePair[] pairs = new BasicNameValuePair[]{new BasicNameValuePair("j_username", "user1"), new BasicNameValuePair("j_password", "password1")};
             final List<NameValuePair> data = new ArrayList<>();
             data.addAll(Arrays.asList(pairs));
-            HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/j_security_check");
+            HttpPost post = new HttpPost(DefaultServer.getDefaultServerURL() + "/servletContext/j_security_check;jsessionid=dsjahfklsahdfjklsa");
 
             post.setEntity(new UrlEncodedFormEntity(data));