[jboss-jira] [JBoss JIRA] (ELY-1819) The logout handler registration should be reworked

Ashley Abdel-Sayed (Jira) issues at jboss.org
Wed Aug 7 16:54:00 EDT 2019 

    [ https://issues.jboss.org/browse/ELY-1819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13768289#comment-13768289 ] 

Ashley Abdel-Sayed commented on ELY-1819:
-----------------------------------------

[~dlofthouse] When taking a closer look at implementing this with the logout handler as a {{Consumer<HttpServerScopes>}} and the {{logoutHandlerConsumer}} as a {{Consumer<Consumer<HttpServerScopes>>}}, I can't see how the scope would be passed in as an argument to the logout handler. In {{setupProgramaticLogout}}, when I create the logout handler, as such; 
{code:java}
Consumer<HttpServerScopes> logoutHandler = serverScope -> serverScope.getScope(Scope.SESSION).setAttachment(AUTHENTICATED_IDENTITY_KEY, null);
{code}
I don't see a way to specify the {{HttpServerScope}} argument without calling {{logoutHandler.accept(HttpServerScope);}} but we would only want to pass in the {{logoutHandler}} with the scope specified to {{logoutHandlerConsumer.accept(Consumer<HttpServerScopes>)}} not execute {{logoutHandler.accept(HttpServerScope);}}


> The logout handler registration should be reworked
> --------------------------------------------------
>
>                 Key: ELY-1819
>                 URL: https://issues.jboss.org/browse/ELY-1819
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: HTTP
>            Reporter: Darran Lofthouse
>            Assignee: Ashley Abdel-Sayed
>            Priority: Major
>             Fix For: 1.9.2.CR1
>
>
> Presently the logout handler is just a Runnable, the problem with this is if it needs any state it means a lambda or an instance of a class tends to be needed to hold the state e.g.
> {noformat}
>     private void setupProgramaticLogout(HttpScope sessionScope) {
>         logoutHandlerConsumer.accept(() -> {
>             sessionScope.setAttachment(AUTHENTICATED_IDENTITY_KEY, null);
>         });
>     }
> {noformat}
> It would likely be better for the logout handler to be able to request the scope it needs so maybe pass in the 'org.wildfly.security.http.HttpServerScopes' at the very least.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list