You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/08 11:38:55 UTC

[jira] Commented: (SLING-1155) Add logout method to Authenticator

    [ https://issues.apache.org/jira/browse/SLING-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797971#action_12797971 ] 

Felix Meschberger commented on SLING-1155:
------------------------------------------

Documentation has been updated on the http://sling.apache.org/site/authentication.html page

> Add logout method to Authenticator
> ----------------------------------
>
>                 Key: SLING-1155
>                 URL: https://issues.apache.org/jira/browse/SLING-1155
>             Project: Sling
>          Issue Type: New Feature
>          Components: Commons, Engine
>    Affects Versions: Engine 2.0.4, Engine 2.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Commons Auth 1.0.0
>
>
> With the Sling Engine 2.0.4 the Authenticator interface has been introduced to support a generic way to have a user authenticated. This allows for an authentication agnostic way to force a user to login.
> The drawback of the current solution is, that neither authentication handlers nor the Authenticator interface provide APi to logout a user again. This should be fixed as follows:
>   * Add an Authenticator.logout() method which logs out a user in a similar way the login method logs a user in
>   * Add a new AuthenticationHandler2 interface extending the AuthenticationHandler interface and providing a dropAuthentication method
>      which mirrors the AuthenticationHandler.requestAuthentication method.
>   * Add a LogoutServlet calling Authenticator.logout in a similar manner as the LoginServlet calls the login method
> Authentication handlers supporting logging out just implement the AuthenticationHandler2 interface while still registering as a plain AuthenticationHandler. The Authenticator implementation in the Sling Engine bundle identifies the authentication handlers correctly to call or to not call the dropAuthentication method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.