Log Message: |
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58660
With mapperContextRootRedirectEnabled ste to false, the redirect needs to be handled elsewhere.
- Ensure the Mapper does not add the '/' handling the redirect
- Handle the redirect in the DefaultServlet
- Add a redirect to FORM auth if auth is occurring at the context root else the login page could be submitted to the wrong web application
This is part 2 of 2 of the fix for CVE-2015-5345
|