[ https://issues.apache.org/jira/browse/SLING-8869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988664#comment-16988664 ]
Timothee Maret commented on SLING-8869: --------------------------------------- {quote}I still don't see in which case a {{DistributionTransportSecretProvider}} can be created/updated _without_ a corresponding creation of new instance of {{RemoteDistributionPackageImporter}} {quote} Any secret provider that changes secrets without deactivating/activating itself. A concrete example, used in this ticket, is an access token provider. {quote}None of the secret-providers can actually 'refresh' the token on a 401 because no such method exists in the API {quote} The implementation parses the response status code and can evict the Executor from the cache. There would be no need to extend the API. {quote}evicting a perfectly good HTTP Client {quote} It's questionable how the client is perfectly good when it is actually configured to cache headers that will yields 401s. I understand your point though. With the approach taken by [^SLING-8869-new.patch] we could reuse the client and only fix the secret. > SimpleHttpDistributionTransport does not refresh the secret for token based > implementations. > -------------------------------------------------------------------------------------------- > > Key: SLING-8869 > URL: https://issues.apache.org/jira/browse/SLING-8869 > Project: Sling > Issue Type: Bug > Components: Content Distribution > Reporter: Mohit Arora > Assignee: Timothee Maret > Priority: Critical > Fix For: Content Distribution Core 0.4.2 > > Attachments: SLING-8869-new.patch, SLING-8869.patch > > Time Spent: 20m > Remaining Estimate: 0h > > While saving the {{contextKeyExecutor}} in {{DistributionTransportContext}} > map, it is not expected that the secret associated with the executor could be > expired. This can happen in case of access token based implementations where > the token is expired after a certain period of time and has to be refreshed. > The code to refresh the token is written in the secret provider but since the > executor is [cached in the > map|https://github.com/apache/sling-org-apache-sling-distribution-core/blob/master/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java#L208] > the secrets are not refreshed. It works fine for credentials based secret > provider but not for access token based. > cc - [~marett] -- This message was sent by Atlassian Jira (v8.3.4#803005)