[ https://issues.apache.org/jira/browse/SLING-8869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987641#comment-16987641 ]
Mohit Arora commented on SLING-8869: ------------------------------------ [~bdelacretaz], [~ashishc] I have attached another patch, [^SLING-8869-new.patch] which keeps the caching as it is and always inject a header in request if the credentials provider is authorization based credentials provider. As Ashish mentioned, I do not see a clear advantage of one approach on the other so we can choose either one. > SimpleHttpDistributionTransport does not refresh the secret for token based > implementations. > -------------------------------------------------------------------------------------------- > > Key: SLING-8869 > URL: https://issues.apache.org/jira/browse/SLING-8869 > Project: Sling > Issue Type: Bug > Components: Content Distribution > Reporter: Mohit Arora > Priority: Critical > Fix For: Content Distribution Core 0.4.2 > > Attachments: SLING-8869-new.patch, SLING-8869.patch > > > While saving the {{contextKeyExecutor}} in {{DistributionTransportContext}} > map, it is not expected that the secret associated with the executor could be > expired. This can happen in case of access token based implementations where > the token is expired after a certain period of time and has to be refreshed. > The code to refresh the token is written in the secret provider but since the > executor is [cached in the > map|https://github.com/apache/sling-org-apache-sling-distribution-core/blob/master/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java#L208] > the secrets are not refreshed. It works fine for credentials based secret > provider but not for access token based. > cc - [~marett] -- This message was sent by Atlassian Jira (v8.3.4#803005)