[
https://issues.apache.org/jira/browse/SLING-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-1155:
-------------------------------------
Component/s: Authentication
(was: Engine)
(was: Commons)
> Add logout method to Authenticator
> ----------------------------------
>
> Key: SLING-1155
> URL: https://issues.apache.org/jira/browse/SLING-1155
> Project: Sling
> Issue Type: New Feature
> Components: Authentication
> Affects Versions: Engine 2.0.4, Engine 2.0.6
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Auth Core 1.0.0
>
>
> With the Sling Engine 2.0.4 the Authenticator interface has been introduced
> to support a generic way to have a user authenticated. This allows for an
> authentication agnostic way to force a user to login.
> The drawback of the current solution is, that neither authentication handlers
> nor the Authenticator interface provide APi to logout a user again. This
> should be fixed as follows:
> * Add an Authenticator.logout() method which logs out a user in a similar
> way the login method logs a user in
> * Add a new AuthenticationHandler2 interface extending the
> AuthenticationHandler interface and providing a dropAuthentication method
> which mirrors the AuthenticationHandler.requestAuthentication method.
> * Add a LogoutServlet calling Authenticator.logout in a similar manner as
> the LoginServlet calls the login method
> Authentication handlers supporting logging out just implement the
> AuthenticationHandler2 interface while still registering as a plain
> AuthenticationHandler. The Authenticator implementation in the Sling Engine
> bundle identifies the authentication handlers correctly to call or to not
> call the dropAuthentication method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
