[
https://issues.apache.org/jira/browse/OAK-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francesco Mari updated OAK-3201:
--------------------------------
Attachment: OAK-3201-01.patch
[^OAK-3201-01.patch] forces static references to {{AuthorizableNodeName}},
{{AuthorizableActionProvider}}, {{RestrictionProvider}} and
{{UserAuthenticationFactory}}.
This changes the behaviour of the component: if an instance of any of the
referenced services is created, modified or stopped, {{SecurityProviderImpl}}
will go through a full deactivation/activation cycle. While this decreases the
dynamism of the component, it mitigates the chance of the publication of a
repository which references a half-configured {{SecurityProviderImpl}}.
> Use static references in SecurityProviderImpl for composite services
> --------------------------------------------------------------------
>
> Key: OAK-3201
> URL: https://issues.apache.org/jira/browse/OAK-3201
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: security
> Reporter: Francesco Mari
> Assignee: Francesco Mari
> Attachments: OAK-3201-01.patch
>
>
> {{SecurityProviderImpl}} has dynamic references to many other services, like
> {{RestrictionProvider}}, that represent the configuration of this component.
> Being these services dynamic, the OSGi runtime has no clear dependency
> relationship between the {{SecurityProviderImpl}} and the required services.
> Thus, it may happen that an instance of {{SecurityProviderImpl}} is published
> before the services it requires are started, creating a window where the
> {{SecurityProviderimpl}} is operating differently from the way it's
> configured.
> I suggest to turn the dynamic references in {{SecurityProviderImpl}} to
> static ones to improve the consistency of the implementation.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
