If a logged-out user dials a sonar URL with query parameters (f. i. to
jump directly to an existing project with its name) those query
parameters are not kept, only the URL part. This defect occurs during
a first-time login as well as during a re-login.
This commit keeps all originally provided query parameters so after
login the user can be redirected to the desired resource without much
ado.
The added test DOES NOT reflect a direct cookie test because
javax.servlet.http.Cookie does not implement equals and hashcode.
Instead only by implication of the number of invocations we can know
it was probably called. (It IS called though, just check the debugger).
Since the cookie creation missed the context path (necessary for proper
deletion) the whole creation was refactored into a builder.
Furthermore, LogoutHandler.handleInvalidJwtCookie() did more than it
should. It is supposed to handle JWT cookie creation but redirected also
to a different URL if necessary. This redirection was pulled up into the
ForceCasLoginFilter so there's now a better balance and similarity
with similar code.
Resolves #19