Re: [jira] Resolved: (SLING-1654) Remove JCR Session as request attribte

Mon, 16 Aug 2010 09:41:26 -0700 

Thanks ! I missed that one.

Regards
Felix

On 16.08.2010 16:17, Justin Edelson (JIRA) wrote:
> 
>      [ 
> https://issues.apache.org/jira/browse/SLING-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>  ]
> 
> Justin Edelson resolved SLING-1654.
> -----------------------------------
> 
>     Resolution: Fixed
> 
> webdav bundle updated in r985944
> 
>> Remove JCR Session as request attribte
>> --------------------------------------
>>
>>                 Key: SLING-1654
>>                 URL: https://issues.apache.org/jira/browse/SLING-1654
>>             Project: Sling
>>          Issue Type: Task
>>          Components: Commons, JCR
>>            Reporter: Felix Meschberger
>>            Assignee: Justin Edelson
>>             Fix For: JCR Webdav 2.0.10, Auth Core 1.0.0
>>
>>
>> Currently the SlingAuthenticator sets the following three request attributes 
>> in the Authenticator.handleSecurity method besides the attributes required 
>> by the OSGi Http Service spec:
>>    javax.jcr.Session -- the primary session underlying the resource resolver
>>    $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ 
>> -- internal wrapper to help logout the resource resolver
>>    org.apache.sling.commons.auth.ResourceResolver -- the request's resource 
>> resolver
>> The Session is here for backwards compatibility for a looooong time now. The 
>> official way to get at a session in requests has long been to adapt the 
>> request's resource resolver to a Session. Keeping the Session as a request 
>> attribute just makes cleaning up at the end more complicated.
>> The 
>> $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ 
>> request attribute has been introduce with the commons auth module but before 
>> the ResourceResolver.close() method to cleanup the resource resolver and 
>> session after request processing. This request attribute is not needed any 
>> longer thanks to the ResourceResolver.close() method which allows for 
>> propery cleanup.
>> This the 
>> $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ 
>> and javax.jcr.Session request attributes should not be set any longer.
>> As kind of a replacement, JavaDoc of the Authenticator interface and 
>> particularly the Authenticator.handleSecurity method should be enhanced to 
>> list the request attributes be set and to request from the caller to call 
>> the close() method on the resource resovler at then end of request 
>> processing.
>

Reply via email to