[ https://issues.apache.org/jira/browse/SLING-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger updated SLING-1155: ------------------------------------- Component/s: Authentication (was: Engine) (was: Commons) > Add logout method to Authenticator > ---------------------------------- > > Key: SLING-1155 > URL: https://issues.apache.org/jira/browse/SLING-1155 > Project: Sling > Issue Type: New Feature > Components: Authentication > Affects Versions: Engine 2.0.4, Engine 2.0.6 > Reporter: Felix Meschberger > Assignee: Felix Meschberger > Fix For: Auth Core 1.0.0 > > > With the Sling Engine 2.0.4 the Authenticator interface has been introduced > to support a generic way to have a user authenticated. This allows for an > authentication agnostic way to force a user to login. > The drawback of the current solution is, that neither authentication handlers > nor the Authenticator interface provide APi to logout a user again. This > should be fixed as follows: > * Add an Authenticator.logout() method which logs out a user in a similar > way the login method logs a user in > * Add a new AuthenticationHandler2 interface extending the > AuthenticationHandler interface and providing a dropAuthentication method > which mirrors the AuthenticationHandler.requestAuthentication method. > * Add a LogoutServlet calling Authenticator.logout in a similar manner as > the LoginServlet calls the login method > Authentication handlers supporting logging out just implement the > AuthenticationHandler2 interface while still registering as a plain > AuthenticationHandler. The Authenticator implementation in the Sling Engine > bundle identifies the authentication handlers correctly to call or to not > call the dropAuthentication method. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.