From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Fri, 31 Mar 2017 14:35:55 +0200

Hi,

One of the things that were discussed early on, but till so far hasn't seen
much followup is throwing (CDI) events when the caller is authenticated
(logs in) and logs out.

See this issue: https://java.net/jira/browse/JASPIC_SPEC-21

I also wrote an article about this a couple of years ago:

http://arjan-tijms.omnifaces.org/2012/12/bridging-undertows-authentication.html

An example of how these events can be used in practice is shown here:

https://github.com/javaeekickoff/java-ee-kickoff-app/blob/master/src/main/java/org/example/kickoff/model/producer/ActiveUserProducer.java

The simple post authenticate events (being informational only) are
relatively well understood and something like this is quite often asked for
and/or needed by users.

I think it would be good to include this in JSR 375.

Thoughts?

Kind regards,
Arjan Tijms