Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
Description
Presently the logout handler is just a Runnable, the problem with this is if it needs any state it means a lambda or an instance of a class tends to be needed to hold the state e.g.
private void setupProgramaticLogout(HttpScope sessionScope) { logoutHandlerConsumer.accept(() -> { sessionScope.setAttachment(AUTHENTICATED_IDENTITY_KEY, null); }); }
It would likely be better for the logout handler to be able to request the scope it needs so maybe pass in the 'org.wildfly.security.http.HttpServerScopes' at the very least.