You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/11/08 23:34:39 UTC

[jira] Closed: (SLING-1654) Remove JCR Session as request attribte

     [ https://issues.apache.org/jira/browse/SLING-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Edelson closed SLING-1654.
---------------------------------


> Remove JCR Session as request attribte
> --------------------------------------
>
>                 Key: SLING-1654
>                 URL: https://issues.apache.org/jira/browse/SLING-1654
>             Project: Sling
>          Issue Type: Task
>          Components: Authentication, JCR
>            Reporter: Felix Meschberger
>            Assignee: Justin Edelson
>             Fix For: JCR Webdav 2.1.0, Auth Core 1.0.0
>
>
> Currently the SlingAuthenticator sets the following three request attributes in the Authenticator.handleSecurity method besides the attributes required by the OSGi Http Service spec:
>    javax.jcr.Session -- the primary session underlying the resource resolver
>    $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ -- internal wrapper to help logout the resource resolver
>    org.apache.sling.commons.auth.ResourceResolver -- the request's resource resolver
> The Session is here for backwards compatibility for a looooong time now. The official way to get at a session in requests has long been to adapt the request's resource resolver to a Session. Keeping the Session as a request attribute just makes cleaning up at the end more complicated.
> The $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ request attribute has been introduce with the commons auth module but before the ResourceResolver.close() method to cleanup the resource resolver and session after request processing. This request attribute is not needed any longer thanks to the ResourceResolver.close() method which allows for propery cleanup.
> This the $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ and javax.jcr.Session request attributes should not be set any longer.
> As kind of a replacement, JavaDoc of the Authenticator interface and particularly the Authenticator.handleSecurity method should be enhanced to list the request attributes be set and to request from the caller to call the close() method on the resource resovler at then end of request processing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.