You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/08 11:38:55 UTC
[jira] Commented: (SLING-1155) Add logout method to Authenticator
[ https://issues.apache.org/jira/browse/SLING-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797971#action_12797971 ]
Felix Meschberger commented on SLING-1155:
------------------------------------------
Documentation has been updated on the http://sling.apache.org/site/authentication.html page
> Add logout method to Authenticator
> ----------------------------------
>
> Key: SLING-1155
> URL: https://issues.apache.org/jira/browse/SLING-1155
> Project: Sling
> Issue Type: New Feature
> Components: Commons, Engine
> Affects Versions: Engine 2.0.4, Engine 2.0.6
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Commons Auth 1.0.0
>
>
> With the Sling Engine 2.0.4 the Authenticator interface has been introduced to support a generic way to have a user authenticated. This allows for an authentication agnostic way to force a user to login.
> The drawback of the current solution is, that neither authentication handlers nor the Authenticator interface provide APi to logout a user again. This should be fixed as follows:
> * Add an Authenticator.logout() method which logs out a user in a similar way the login method logs a user in
> * Add a new AuthenticationHandler2 interface extending the AuthenticationHandler interface and providing a dropAuthentication method
> which mirrors the AuthenticationHandler.requestAuthentication method.
> * Add a LogoutServlet calling Authenticator.logout in a similar manner as the LoginServlet calls the login method
> Authentication handlers supporting logging out just implement the AuthenticationHandler2 interface while still registering as a plain AuthenticationHandler. The Authenticator implementation in the Sling Engine bundle identifies the authentication handlers correctly to call or to not call the dropAuthentication method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.