[jira] [Commented] (SLING-4301) Support user.jcr.session.logout option for the jcr resource provider

Wed, 14 Jan 2015 00:04:23 -0800 

    [ 
https://issues.apache.org/jira/browse/SLING-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276628#comment-14276628
 ] 

Felix Meschberger commented on SLING-4301:
------------------------------------------

This is really weird and unexpected. The first stack trace indicates the 
correct thing: At the end of the request, the 
SlingAuthenticator.requestDestroyed method is called for the SlingAuthenticator 
to close the ResourceResolver. But this really only happens at the end of the 
request after the service method has been called.

I quickly checked on two other servlets leveraging the SlingAuthenticator from 
HttpService registered servlets.

[~alexander.klimetschek] Can you provide a sample project which reproduces this 
problem ? Thanks. (You might prefer to do this off-line, we just have to report 
the findings back here).

> Support user.jcr.session.logout option for the jcr resource provider
> --------------------------------------------------------------------
>
>                 Key: SLING-4301
>                 URL: https://issues.apache.org/jira/browse/SLING-4301
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR
>            Reporter: Alexander Klimetschek
>         Attachments: SLING-4301.patch
>
>
> Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set 
> to true would automatically close the session passed via {{user.jcr.session}} 
> at the end of the request.
> Purpose: As discussed on the 
> [list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using 
> [user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION]
>  to pass a session created by an AuthenticationHandler itself, this is 
> currently never closed (since the original use case for it comes from 
> somewhere else where this wasn't required). The only way to use it from an 
> AuthenticationHandler is to also implement a ServletFilter that tracks it and 
> closes the session "manually" at the end of the request, which is bad since 
> this would create another servlet filter for each authentication handler that 
> wishes to use this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to