[jira] Updated: (SLING-1654) Remove JCR Session as request attribte

Mon, 23 Aug 2010 06:23:43 -0700 

     [ 
https://issues.apache.org/jira/browse/SLING-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Meschberger updated SLING-1654:
-------------------------------------

    Component/s: Authentication
                     (was: Commons)

> Remove JCR Session as request attribte
> --------------------------------------
>
>                 Key: SLING-1654
>                 URL: https://issues.apache.org/jira/browse/SLING-1654
>             Project: Sling
>          Issue Type: Task
>          Components: Authentication, JCR
>            Reporter: Felix Meschberger
>            Assignee: Justin Edelson
>             Fix For: JCR Webdav 2.0.10, Auth Core 1.0.0
>
>
> Currently the SlingAuthenticator sets the following three request attributes 
> in the Authenticator.handleSecurity method besides the attributes required by 
> the OSGi Http Service spec:
>    javax.jcr.Session -- the primary session underlying the resource resolver
>    $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ 
> -- internal wrapper to help logout the resource resolver
>    org.apache.sling.commons.auth.ResourceResolver -- the request's resource 
> resolver
> The Session is here for backwards compatibility for a looooong time now. The 
> official way to get at a session in requests has long been to adapt the 
> request's resource resolver to a Session. Keeping the Session as a request 
> attribute just makes cleaning up at the end more complicated.
> The $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ 
> request attribute has been introduce with the commons auth module but before 
> the ResourceResolver.close() method to cleanup the resource resolver and 
> session after request processing. This request attribute is not needed any 
> longer thanks to the ResourceResolver.close() method which allows for propery 
> cleanup.
> This the 
> $$org.apache.sling.commons.auth.impl.SlingAuthenticatorResourceResolver$$ and 
> javax.jcr.Session request attributes should not be set any longer.
> As kind of a replacement, JavaDoc of the Authenticator interface and 
> particularly the Authenticator.handleSecurity method should be enhanced to 
> list the request attributes be set and to request from the caller to call the 
> close() method on the resource resovler at then end of request processing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to