[FIXED HUDSON-2290] On security-enabled Hudson, redirection for a login didn't...

[FIXED HUDSON-2290] On security-enabled Hudson, redirection for a login didn't work correctly since 1.249. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@11875 71c3de6d-444a-0410-be80-ed276b4c234a

[FIXED HUDSON-2290] On security-enabled Hudson, redirection for a login didn't...
[FIXED HUDSON-2290] On security-enabled Hudson, redirection for a login didn't work correctly since 1.249. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@11875 71c3de6d-444a-0410-be80-ed276b4c234a
983d0f6c · kohsuke · 573e5335 · 983d0f6c · 983d0f6c · 983d0f6c
3 changed file
--- a/core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java
+++ b/core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java
@@ -43,9 +43,9 @@ public class HudsonAuthenticationEntryPoint extends AuthenticationProcessingFilt
            rsp.sendError(SC_FORBIDDEN);
        } else {
            // give the opportunity to include the target URL
-            String loginForm = getLoginFormUrl();
+            String loginForm = req.getContextPath()+getLoginFormUrl();
            loginForm = MessageFormat.format(loginForm, URLEncoder.encode(req.getRequestURI(),"UTF-8"));
-            req.setAttribute("loginForm", req.getContextPath()+loginForm);
+            req.setAttribute("loginForm", loginForm);

            rsp.setStatus(SC_FORBIDDEN);
            rsp.setContentType("text/html;charset=UTF-8");

--- a/test/src/test/java/hudson/bugs/LoginRedirectTest.java
+++ b/test/src/test/java/hudson/bugs/LoginRedirectTest.java
+package hudson.bugs;
+
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import org.jvnet.hudson.test.Bug;
+import org.jvnet.hudson.test.HudsonTestCase;
+import org.jvnet.hudson.test.recipes.PresetData;
+import org.jvnet.hudson.test.recipes.PresetData.DataSet;
+
+/**
+ * Login redirection ignores the context path
+ *
+ * @author Kohsuke Kawaguchi
+ */
+@Bug(2290)
+public class LoginRedirectTest extends HudsonTestCase {
+    protected void setUp() throws Exception {
+        contextPath = "/hudson";
+        super.setUp();
+    }
+
+    @PresetData(DataSet.NO_ANONYMOUS_READACCESS)
+    public void testRedirect() throws Exception {
+        WebClient wc = new WebClient();
+        // Hudson first causes 403 FORBIDDEN error, then redirect the browser to the page
+        wc.setThrowExceptionOnFailingStatusCode(false);
+
+        HtmlPage p = wc.goTo("/");
+        System.out.println(p.getDocumentURI());
+        assertEquals(200, p.getWebResponse().getStatusCode());
+        HtmlForm form = p.getFormByName("login");
+        form.getInputByName("j_username").setValueAttribute("alice");
+        form.getInputByName("j_password").setValueAttribute("alice");
+        p = (HtmlPage) form.submit(null);
+
+        System.out.println(p);
+    }
+
+    /**
+     * Verifies that Hudson is sending 403 first. This is important for machine agents.
+     */
+    @PresetData(DataSet.NO_ANONYMOUS_READACCESS)
+    public void testRedirect2() throws Exception {
+        try {
+            new WebClient().goTo("/");
+            fail();
+        } catch (FailingHttpStatusCodeException e) {
+            assertEquals(403,e.getStatusCode());
+        }
+    }
+}
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -90,7 +90,7 @@
        <artifactId>maven-hudson-dev-plugin</artifactId>
        <version>6.1.7</version>
        <configuration>
-          <contextPath>/</contextPath>
+          <contextPath>${contextPath}</contextPath>
          <!--
            read directly from core module's output directory,
            so that changes are picked up right away without running mvn.
@@ -250,6 +250,7 @@
  
  <properties>
    <HUDSON_HOME>${basedir}/work</HUDSON_HOME>
+    <contextPath>/</contextPath><!-- context path during test -->
  </properties>

  <pluginRepositories>