You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/18 09:56:54 UTC

[jira] Reopened: (SLING-1155) Add logout method to Authenticator

     [ https://issues.apache.org/jira/browse/SLING-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger reopened SLING-1155:
--------------------------------------


reopen to fix the issue state

> Add logout method to Authenticator
> ----------------------------------
>
>                 Key: SLING-1155
>                 URL: https://issues.apache.org/jira/browse/SLING-1155
>             Project: Sling
>          Issue Type: New Feature
>          Components: Commons, Engine
>    Affects Versions: Engine 2.0.4, Engine 2.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Commons Auth 1.0.0
>
>
> With the Sling Engine 2.0.4 the Authenticator interface has been introduced to support a generic way to have a user authenticated. This allows for an authentication agnostic way to force a user to login.
> The drawback of the current solution is, that neither authentication handlers nor the Authenticator interface provide APi to logout a user again. This should be fixed as follows:
>   * Add an Authenticator.logout() method which logs out a user in a similar way the login method logs a user in
>   * Add a new AuthenticationHandler2 interface extending the AuthenticationHandler interface and providing a dropAuthentication method
>      which mirrors the AuthenticationHandler.requestAuthentication method.
>   * Add a LogoutServlet calling Authenticator.logout in a similar manner as the LoginServlet calls the login method
> Authentication handlers supporting logging out just implement the AuthenticationHandler2 interface while still registering as a plain AuthenticationHandler. The Authenticator implementation in the Sling Engine bundle identifies the authentication handlers correctly to call or to not call the dropAuthentication method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.