Add logout method to Authenticator
----------------------------------
Key: SLING-1155
URL: https://issues.apache.org/jira/browse/SLING-1155
Project: Sling
Issue Type: New Feature
Components: Engine
Affects Versions: Engine 2.0.4, Engine 2.0.6
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Engine 2.0.8
With the Sling Engine 2.0.4 the Authenticator interface has been introduced to
support a generic way to have a user authenticated. This allows for an
authentication agnostic way to force a user to login.
The drawback of the current solution is, that neither authentication handlers
nor the Authenticator interface provide APi to logout a user again. This should
be fixed as follows:
* Add an Authenticator.logout() method which logs out a user in a similar way
the login method logs a user in
* Add a new AuthenticationHandler2 interface extending the
AuthenticationHandler interface and providing a dropAuthentication method
which mirrors the AuthenticationHandler.requestAuthentication method.
* Add a LogoutServlet calling Authenticator.logout in a similar manner as the
LoginServlet calls the login method
Authentication handlers supporting logging out just implement the
AuthenticationHandler2 interface while still registering as a plain
AuthenticationHandler. The Authenticator implementation in the Sling Engine
bundle identifies the authentication handlers correctly to call or to not call
the dropAuthentication method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
