if (sqlInjectionFoundForUrl) {
boolean loginUrl = false;
//log.debug("### A SQL Injection may lead to auth bypass..");
//are we dealing with a login url in any of the contexts?
ExtensionAuthentication extAuth = (ExtensionAuthentication) Control.getSingleton()
.getExtensionLoader().getExtension(ExtensionAuthentication.NAME);
if (extAuth != null) {
URI requestUri = getBaseMsg().getRequestHeader().getURI();
//using the session, get the list of contexts for the url
List<Context> contextList = extAuth.getModel().getSession().getContextsForUrl(requestUri.getURI());
//now loop, and see if the url is a login url in each of the contexts in turn..
for (Context context : contextList) {
URI loginUri = extAuth.getLoginRequestURIForContext(context);
if (loginUri != null) {
if (requestUri.getScheme().equals(loginUri.getScheme())
&& requestUri.getHost().equals(loginUri.getHost())
&& requestUri.getPort() == loginUri.getPort()
&& requestUri.getPath().equals(loginUri.getPath())) {