[
https://issues.apache.org/jira/browse/SLING-2349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13184779#comment-13184779
]
Felix Meschberger edited comment on SLING-2349 at 1/12/12 7:19 AM:
-------------------------------------------------------------------
re #2: As I understand Nicolas' wish it is about getting an initial event when
someone authenticates for the first time. ResourceResolverCreated events are
not that useful and I seriously doubt whether Sling Authentication is the
appropriate place to fire them (this would rather be the task of the
ResourceResolverFactory sending the created event and the ResourceResolver
itself sending the closed event when the close() method is called).
I agree, that it might be desirable to have login (when the user first presents
credentials) and logout events (when Authenticator.logout() is called). Due to
the asynchronous, stateless design of HTTP (and Sling), it is not easy to track
the "login event" on a generic basis. So this must, as I said, be left to the
AuthenticationHandler and Sling Auth Core might at best provide API to send the
login and logout events on behalf of the supporting AuthenticationHandler
service.
Alternatively: The SlingAuthenticator can decide when to send the logout event
since it implements the Authenticator.logout() method. We could add a special
AuthInfo property (similar to the AuthenticationFeedbackHandler property) which
may be set by an AuthenticationHandler, that the AuthInfo can be considered a
LoginInfo, in which case the SingAuthenticator sends the login even after
successfully acquiring the ResourceResolver.
was (Author: fmeschbe):
re #2: As I understand Nicolas' wish it is about getting an initial event
when someone authenticates for the first time. ResourceResolverCreated events
are not that useful and I seriously doubt whether Sling Authentication is the
appropriate place to fire them (this would rather be the task of the
ResourceResolverFactory sending the created event and the ResourceResolver
itself sending the closed event when the close() method is called).
I agree, that it might be desirable to have login (when the user first presents
credentials) and logout events (when Authenticator.logout() is called). Due to
the asynchronous, stateless design of HTTP (and Sling), it is not easy to track
the "login event" on a generic basis. So this must, as I said, be left to the
AuthenticationHandler and Sling Auth Core might at best provide API to send the
login and logout events on behalf of the supporting AuthenticationHandler
service.
> [Authentication] Osgi event creation for successful login
> ---------------------------------------------------------
>
> Key: SLING-2349
> URL: https://issues.apache.org/jira/browse/SLING-2349
> Project: Sling
> Issue Type: New Feature
> Components: Authentication
> Affects Versions: Auth Core 1.0.6
> Reporter: Nicolas Peltier
> Assignee: Justin Edelson
> Priority: Minor
> Fix For: Auth Core 1.1.0
>
>
> Successful authentication (with credentials only?) should create an a "logged
> in" osgi event mentionning userid.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
