On 5/2/07, Grégory Joseph <[email protected]> wrote:
>> So, any objection if I bring back the logout filter? :)

Fine with me too; now looking at the code, I see the LogoutPage does
"more" than the filter was doing (closing the JCR sessions). Should
we completely get rid of the page, and/or move that code away to
Authenticator for instance?

Yes, I think we could remove that page right away: it was a good
solution for handling logout in adminInterface, but a filter is a
better solution both for a public instance and for the admin
interface.


While on the subject, I was just discussing with Sameer: we could
probably have a LoginFilter (or a LoginLogoutFilter) to replace (or
delegate to) the Authenticator class, thus hiding the http/html
crust out of Authenticator, and out of ContentSecurityFilter and
URISecurityFilter; making the authentication mechanism potentially
more replaceable (could be useful for integration with existing apps).

That would be nice... at the moment authentication is pretty
extensible by implementing a jaas module, but if you need to do an
authentication "internally" (done recently) you will see that the current
Authenticator with all its static methods is pretty ugly...


fabrizio