Customers who have customised the
seraph-config.xml file in their JIRA installation should insert this new parameter (
link.login.urlforward.path) as indicated below:
<security-config> <parameters> ... <!-- The path to *forward* to when the user tries to POST to a protected resource (rather than clicking on an explicit login link). Note that this is done using a servlet FORWARD, not a redirect. Information about the original request can be gotten from the javax.servlet.forward.* request attributes. At this point you will probably want to save the user's POST params so he can log in again and retry the POST. Defaults to undefined, in which case Seraph will just do a redirect instead of a FORWARD. --> <init-param> <param-name>login.forward.path</param-name> <param-value>/secure/XsrfErrorAction.jspa</param-value> </init-param> ... <parameters> </security-config>
- If you are adding this the new
forward.pathparameter to an existing
seraph-config.xmlfile, the order of its containing
<init-param/>element relative to the other
<init-param/>elements in the file is not important, as long as the containing
<init-param/>is a child of the
<parameters/>elements in this file.
- Since the
seraph-config.xmlfile is located within your JIRA Installation Directory, avoid copying the
seraph-config.xmlfile from your original JIRA installation and overwriting the one in your upgraded JIRA 5.0.2 (or later) installation. Other changes in this file may have been made in any intervening versions of JIRA between your original JIRA version (from which you are upgrading) and JIRA 5.0.2, such that overwriting the file in your upgraded JIRA 5.0.2 installation may have unpredictable consequences.