[
https://issues.apache.org/jira/browse/SLING-1361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved SLING-1361.
--------------------------------------
Resolution: Fixed
In Rev. 908022 created a new redirectAfterLogout method, which is called by the
logout method after the dropCredentials method of all authentication handlers
has been called. This method does notthing if the response has already been
committed.
Otherwise the "resource" request attribute and request parameter are checked
whether they provide a redirect target. If so, the client is redirected there.
If a redirect target is not provided, the client is redirected to the servlet
context root.
> The Authenticator.login method is specified to complete the response but it
> currently is not enforced
> -----------------------------------------------------------------------------------------------------
>
> Key: SLING-1361
> URL: https://issues.apache.org/jira/browse/SLING-1361
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Commons Auth 1.0.0
>
>
> The Authenticator.login method is specified to complete the response to the
> client. This currently depends on the login handlers to actually send a
> response back.
> If none of the handlers actually commits the response, for example the HTTP
> Basic handler just does nothing and the Form Based Authentication Handler
> just clears the cookie, the login method implementation should probably
> handle finishing the response by redirecting back to either the refere (if
> any) or to the servlet context root.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
