[jira] [Reopened] (SLING-2349) [Authentication] Osgi event creation for successful login

[Felix Meschberger (Reopened) (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SLING-2349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Meschberger reopened SLING-2349:
--------------------------------------


Two notes:
(1) I would not provide the AuthenticationHandler class name. This is an 
implementation detail we should not expose. Rather I would provide the 
authentication type, which is really informative (and also provided as 
HttpServletRequest.getAuthType())

(2) The postLogin event method is probably (not necessarily) not called on 
first login but for each subsequent request. As such this event generates load 
on the system and provides no useful information at all in addition to a 
RequestListener.

The problem with a login event really is, that only an AuthenticationHandler 
can decide whether provided credentials are for first time login or not. And 
not even AuthenticationHandlers will always be able to do that: Consider an SSO 
or HTTP Basic Authentication Handler: Each request comes with the same 
credentials and there is no clear mark of "this is the first request".

Interestingly, both SSO and HTTP Basic AuthenticationHandler also don't support 
logout on the Sling level ;-)

All in all, I just can repeat what I already said earlier: I fear it is futile 
to try to generate distinguished login and logout events because on a generally 
level of Sling Authentication there is no such thing.

What we might do is provide hooks for authentication handlers to generate the 
respective events -- if they support such events. So for example, the OpenID 
authentication handler, knows when the initial OpenID interaction is done and 
can then send an event. Likewise when dropCredentials is called, the OpenID 
handler can trigger the logout event.
                
> [Authentication] Osgi event creation for successful login
> ---------------------------------------------------------
>
>                 Key: SLING-2349
>                 URL: https://issues.apache.org/jira/browse/SLING-2349
>             Project: Sling
>          Issue Type: New Feature
>          Components: Authentication
>    Affects Versions: Auth Core 1.0.6
>            Reporter: Nicolas Peltier
>            Assignee: Justin Edelson
>            Priority: Minor
>             Fix For: Auth Core 1.1.0
>
>
> Successful authentication (with credentials only?) should create an a "logged 
> in" osgi event mentionning userid.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira