[ https://issues.apache.org/jira/browse/OAK-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14731031#comment-14731031 ]
Francesco Mari commented on OAK-3201: ------------------------------------- [~anchela], I agree with you with the idea that services like {{AuthorizableNodeName}} should not be linked directly to {{SecurityProviderImpl}}. They should be attached directly to the components using them, instead. Since running a {{SecurityProvider}} without OSGi looks like an important use case, I suggest doing a relatively simple (albeit lengthy) refactoring of {{SecurityProviderImpl}}. The purpose of the refactoring would be to create an implementation of {{SecurityProvider}} completely independent of OSGi. When this implementation is in place, I can create a set of OSGi components on top of it capable of automatically taking care of dependency injection. When the {{SecurityProvider}} is used without OSGi, the dependencies should be instantiated and linked manually. This way, the {{SecurityProvider}} implementation will be cleaner, since the code doesn't have {{@Component}} and {{@Reference}} annotations all over the place. What do you think? > Use static references in SecurityProviderImpl for composite services > -------------------------------------------------------------------- > > Key: OAK-3201 > URL: https://issues.apache.org/jira/browse/OAK-3201 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core > Reporter: Francesco Mari > Assignee: Francesco Mari > Attachments: OAK-3201-01.patch > > > {{SecurityProviderImpl}} has dynamic references to many other services, like > {{RestrictionProvider}}, that represent the configuration of this component. > Being these services dynamic, the OSGi runtime has no clear dependency > relationship between the {{SecurityProviderImpl}} and the required services. > Thus, it may happen that an instance of {{SecurityProviderImpl}} is published > before the services it requires are started, creating a window where the > {{SecurityProviderimpl}} is operating differently from the way it's > configured. > I suggest to turn the dynamic references in {{SecurityProviderImpl}} to > static ones to improve the consistency of the implementation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)