Hi, Currently the Oak SecurityProviderImpl [1] has references to multiple configuration types. These configuration are using static policy (the default policy). Due to this SecurityProvider gets activated and deactivated multiple times in OSGi based system and causes the repository also to recycle
The problem is SecurityConfig has two types of config a. Dynamic - Which can be changed while system is running b. Static - These should never be changed once repository starts like user home Now say in an OSGi based deployed the application has explicit configuration for UserConfiguration then following flow happens 1. System starts and oak-core bundle starts. So far no config is detected by OSGi ConfigAdmin hence the UserConfigurationImpl starts with default value. Note it does not have any configuration policy so it would be started irrespective any config is present or not 2. SecurityProviderImpl gets initialized with all its dependencies 3. Repository gets created as SecurityProvider and NodeStore are registered 4. ConfigAdmin detects the config for UserConfigurationImpl. UserConfigurationImpl get deactivated and reactivated 5. This triggers deactivation and reactivation of SecurityProviderImpl -> Repository Above flow may or may not happen depending on timings and hence system startup sequence is non deterministic. To have a deterministic startup sequence SecurityProviderImpl should only be registerd when all required configuration are registered and security config is stable. One approach that can be used is 1. Have a framework property which specifies that what all security configurations are being customized by the application 2. Then SecurityProviderImpl waits for configuration for those types to be made available 3. For others it starts with default value 4. Once all the requirements are met it registers itself with OSGi SR I am facing this issue when running Oak with PojoSR [2]. The system startup is non deterministic and test case fails randomly Chetan Mehrotra [1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java#L74-73 [2] https://github.com/chetanmeh/oak-pojosr/tree/simple
