  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-95484

Infinite redirection with login attempt from a friendly URL

    Details

      Description

      1. Create a 2nd portal instance (company) for the virtual host example.com
      2. Update the /etc/hosts file to map example.com to 127.0.0.1
      3. Visit http://example.com:8080/home?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Flogin&p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=0&_com_liferay_login_web_portlet_LoginPortlet_redirect=%2Fc
      4. Log in with valid credentials

       Expected result: The user is logged in
       Actual result: Infinite redirection loop

       Explanation: The steps reproduce the issue because /home is considered to be a valid friendlyURL by VirtualHostFilter, which means it will set the LAST_PATH request attribute equal to the requested URL. Interestingly, with the default portal instance, /home is interpreted as /web/guest/home, which is not a friendly URL, and hence the steps do not reproduce the issue.

      The infinite redirection loop itself is caused by LAST_PATH being set into the session with a LoginMVCActionCommand that includes a redirect=/c. The behavior that causes this is as follows:

      1. VirtualHostFilter sets LAST_PATH request variable to the requested URL (the login action URL with redirect=/c)
      2. PortalRequestProcessor copies it to the LAST_PATH session variable
      3. LoginMVCActionCommand authenticates the user, and issues a redirect to itself
      4. Upon second LoginMVCActionCommand execution, it finds the session is authenticated and redirects to /c
      5. PortalRequestProcessor reads the LAST_PATH session variable and issues a redirect to it. The steps now repeat forever (with the exception that step 3 is skipped because the session is found to be authenticated)
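
A simplified model of the five steps above, added here as an illustration and not Liferay code. The function names, the `home_is_friendly` flag (second instance vs. default instance) and the shortened login URL are assumptions; the model only tracks the session state the description mentions.

```python
from urllib.parse import urlsplit, parse_qs

# Parameter and portlet names are taken from the URL in the reproduction steps;
# the URL itself is a constructed, shortened stand-in.
REDIRECT_PARAM = "_com_liferay_login_web_portlet_LoginPortlet_redirect"
LOGIN_URL = ("/home?p_p_id=com_liferay_login_web_portlet_LoginPortlet&"
             + REDIRECT_PARAM + "=%2Fc")

def handle(url, session, home_is_friendly):
    """One request through the modelled chain; returns a redirect target or None."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    # Step 1: VirtualHostFilter sets LAST_PATH on the request for a friendly URL.
    request_last_path = url if (parts.path == "/home" and home_is_friendly) else None
    # Step 2: PortalRequestProcessor copies it into the session.
    if request_last_path:
        session["LAST_PATH"] = request_last_path
    if "LoginPortlet" in params.get("p_p_id", [""])[0]:
        if not session.get("authenticated"):
            session["authenticated"] = True  # Step 3: authenticate, redirect to itself
            return url
        return params[REDIRECT_PARAM][0]     # Step 4: already authenticated, go to /c
    if parts.path == "/c":
        # Step 5: redirect to the stored LAST_PATH; None models a normal page render.
        return session.get("LAST_PATH")
    return None

def follow(start, home_is_friendly, max_hops=20):
    """Follow redirects; looped is True when a (URL, session state) pair repeats."""
    session, seen, hops, url = {}, set(), [start], start
    while len(hops) <= max_hops:
        state = (url, session.get("authenticated", False), session.get("LAST_PATH"))
        if state in seen:
            return hops, True
        seen.add(state)
        url = handle(url, session, home_is_friendly)
        if url is None:
            return hops, False
        hops.append(url)
    return hops, True

if __name__ == "__main__":
    for friendly in (True, False):
        hops, looped = follow(LOGIN_URL, friendly)
        print("friendly /home:", friendly, "| looped:", looped, "| hops:", len(hops))
```

The repeated state is the pair (login URL, authenticated session with LAST_PATH set), which is why the chain never terminates once step 3 has run.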


              People

              • Assignee: Linda Sui (linda.sui)
                Reporter: Stian Sigvartsen (stian.sigvartsen)
                Participants of an Issue:
                Recent user: Brian Wulbern

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  1 year, 11 weeks, 6 days ago

                  Packages

                  Version Package
                  7.1.10 DXP FP12
                  7.1.X
                  Master