[
https://issues.apache.org/jira/browse/SLING-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276628#comment-14276628
]
Felix Meschberger edited comment on SLING-4301 at 1/14/15 8:03 AM:
-------------------------------------------------------------------
This is really weird and unexpected. The first stack trace indicates the
correct thing: At the end of the request, the
SlingAuthenticator.requestDestroyed method is called for the SlingAuthenticator
to close the ResourceResolver. But this really only happens at the end of the
request after the service method has been called.
I quickly checked on two other servlets leveraging the SlingAuthenticator from
HttpService registered servlets. Both properly handle the service call before
calling the SlingAuthenticator.requestDestroyed method.
[~alexander.klimetschek] Can you provide a sample project which reproduces this
problem ? Thanks. (You might prefer to do this off-line, we just have to report
the findings back here).
was (Author: fmeschbe):
This is really weird and unexpected. The first stack trace indicates the
correct thing: At the end of the request, the
SlingAuthenticator.requestDestroyed method is called for the SlingAuthenticator
to close the ResourceResolver. But this really only happens at the end of the
request after the service method has been called.
I quickly checked on two other servlets leveraging the SlingAuthenticator from
HttpService registered servlets.
[~alexander.klimetschek] Can you provide a sample project which reproduces this
problem ? Thanks. (You might prefer to do this off-line, we just have to report
the findings back here).
> Support user.jcr.session.logout option for the jcr resource provider
> --------------------------------------------------------------------
>
> Key: SLING-4301
> URL: https://issues.apache.org/jira/browse/SLING-4301
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Reporter: Alexander Klimetschek
> Attachments: SLING-4301.patch
>
>
> Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set
> to true would automatically close the session passed via {{user.jcr.session}}
> at the end of the request.
> Purpose: As discussed on the
> [list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using
> [user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION]
> to pass a session created by an AuthenticationHandler itself, this is
> currently never closed (since the original use case for it comes from
> somewhere else where this wasn't required). The only way to use it from an
> AuthenticationHandler is to also implement a ServletFilter that tracks it and
> closes the session "manually" at the end of the request, which is bad since
> this would create another servlet filter for each authentication handler that
> wishes to use this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
