[ https://issues.apache.org/jira/browse/SLING-2349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reopened SLING-2349: -------------------------------------- Two notes: (1) I would not provide the AuthenticationHandler class name. This is an implementation detail we should not expose. Rather I would provide the authentication type, which is really informative (and also provided as HttpServletRequest.getAuthType()) (2) The postLogin event method is probably (not necessarily) not called on first login but for each subsequent request. As such this event generates load on the system and provides no useful information at all in addition to a RequestListener. The problem with a login event really is, that only an AuthenticationHandler can decide whether provided credentials are for first time login or not. And not even AuthenticationHandlers will always be able to do that: Consider an SSO or HTTP Basic Authentication Handler: Each request comes with the same credentials and there is no clear mark of "this is the first request". Interestingly, both SSO and HTTP Basic AuthenticationHandler also don't support logout on the Sling level ;-) All in all, I just can repeat what I already said earlier: I fear it is futile to try to generate distinguished login and logout events because on a generally level of Sling Authentication there is no such thing. What we might do is provide hooks for authentication handlers to generate the respective events -- if they support such events. So for example, the OpenID authentication handler, knows when the initial OpenID interaction is done and can then send an event. Likewise when dropCredentials is called, the OpenID handler can trigger the logout event. > [Authentication] Osgi event creation for successful login > --------------------------------------------------------- > > Key: SLING-2349 > URL: https://issues.apache.org/jira/browse/SLING-2349 > Project: Sling > Issue Type: New Feature > Components: Authentication > Affects Versions: Auth Core 1.0.6 > Reporter: Nicolas Peltier > Assignee: Justin Edelson > Priority: Minor > Fix For: Auth Core 1.1.0 > > > Successful authentication (with credentials only?) should create an a "logged > in" osgi event mentionning userid. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira