[jira] [Commented] (SLING-4301) Support user.jcr.session.logout option for the jcr resource provider

Mon, 12 Jan 2015 14:53:01 -0800 

    [ 
https://issues.apache.org/jira/browse/SLING-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14274336#comment-14274336
 ] 

Alexander Klimetschek commented on SLING-4301:
----------------------------------------------

[Proposed change|http://markmail.org/message/3yqz7vvtzc556tdd] by Felix:

Add new constant:
{code}
JcrResourceContstants.AUTHENTICATION_INFO_SESSION_LOGOUT = 
„user.jcr.session.logout“;
{code}

Type would be boolean (using PropertiesUtil.toBoolean) with a default value of 
false.

Logic change in 
[JcrResourceProviderFactory|https://github.com/apache/sling/blob/5b48c807c29241324a11b0056d0d10f4609780a1/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/helper/jcr/JcrResourceProviderFactory.java#L337]:

{code}
logoutSession = PropertiesUtil.toBoolean(
     authenticationInfo.get(
          AuthInfoPostProcessor.AUTHENTICATION_INFO_SESSION_LOGOUT),
          false
     )
  );
{code}

> Support user.jcr.session.logout option for the jcr resource provider
> --------------------------------------------------------------------
>
>                 Key: SLING-4301
>                 URL: https://issues.apache.org/jira/browse/SLING-4301
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR
>            Reporter: Alexander Klimetschek
>
> Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set 
> to true would automatically close the session passed via {{user.jcr.session}} 
> at the end of the request.
> Purpose: As discussed on the 
> [list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using 
> [user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION]
>  to pass a session created by an AuthenticationHandler itself, this is 
> currently never closed (since the original use case for it comes from 
> somewhere else where this wasn't required). The only way to use it from an 
> AuthenticationHandler is to also implement a ServletFilter that tracks it and 
> closes the session "manually" at the end of the request, which is bad since 
> this would create another servlet filter for each authentication handler that 
> wishes to use this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to