Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Engine 2.0.4, Engine 2.0.6
-
None
Description
With the Sling Engine 2.0.4 the Authenticator interface has been introduced to support a generic way to have a user authenticated. This allows for an authentication agnostic way to force a user to login.
The drawback of the current solution is, that neither authentication handlers nor the Authenticator interface provide APi to logout a user again. This should be fixed as follows:
- Add an Authenticator.logout() method which logs out a user in a similar way the login method logs a user in
- Add a new AuthenticationHandler2 interface extending the AuthenticationHandler interface and providing a dropAuthentication method
which mirrors the AuthenticationHandler.requestAuthentication method. - Add a LogoutServlet calling Authenticator.logout in a similar manner as the LoginServlet calls the login method
Authentication handlers supporting logging out just implement the AuthenticationHandler2 interface while still registering as a plain AuthenticationHandler. The Authenticator implementation in the Sling Engine bundle identifies the authentication handlers correctly to call or to not call the dropAuthentication method.
Attachments
Issue Links
- is part of
-
SLING-966 Make internal sling authentication publicly available
-
- Closed
-