[ 
https://issues.apache.org/jira/browse/OAK-3275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426459#comment-15426459
 ] 

Konrad Windszus commented on OAK-3275:
--------------------------------------

Please either fix this inconsistency or remove the membership expiration 
completely. Otherwise there is a known bug in the implementation which may lead 
to issues (because for some configuration values membership is never updated, 
contrary to the expectation of every user, please check again the description 
of this bug).

> DefaultSyncConfig: User membership expiration time not working under some 
> circumstances
> ---------------------------------------------------------------------------------------
>
>                 Key: OAK-3275
>                 URL: https://issues.apache.org/jira/browse/OAK-3275
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external
>    Affects Versions: 1.3.5
>            Reporter: Konrad Windszus
>            Priority: Minor
>
> Currently the user expiration and the user membership expiration can be set 
> independently of each other in the OSGi configuration for the 
> {{DefaultSyncConfigImpl}}.
> In reality this is not true though:
> Not only can the membership not be updated more often than the other user 
> properties (compare with OAK-3274). 
> Also the property which is used to mark the last successful sync is the same 
> for both synchronisations 
> (https://github.com/apache/jackrabbit-oak/blob/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java#L433
>  and 
> https://github.com/apache/jackrabbit-oak/blob/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java#L422).
> That is a problem if e.g. the user expiration time is 10 minutes but the user 
> membership expiration time is 1 hour. Then every 10 minutes the property 
> {{rep:lastSynced}} would be updated to the current time and the expiration 
> check for the membership expiration would never return true 
> (https://github.com/apache/jackrabbit-oak/blob/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java#L433).
>  Therefore memberships would never be updated!
> I suggest to completely get rid of user membership expiration time and only 
> have one expiration time for both the user properties and the memberships.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
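
Added example, not part of the original message and not Oak's code: a simplified Java model of the behaviour the report describes, where one shared timestamp (standing in for rep:lastSynced) serves both expiration checks. All class, field and method names are hypothetical, the second timestamp is an assumption added for contrast, and the workload (one sync attempt every 10 minutes for 24 hours) is constructed.

```java
import java.util.concurrent.TimeUnit;

/** Simplified model of the expiration logic described in OAK-3275; not Oak's implementation. */
public class LastSyncedModel {
    // Expiration values taken from the example in the report.
    static final long USER_EXPIRY = TimeUnit.MINUTES.toMillis(10);
    static final long MEMBERSHIP_EXPIRY = TimeUnit.HOURS.toMillis(1);

    long lastSynced;            // models the shared rep:lastSynced property
    long membershipLastSynced;  // hypothetical second timestamp, read only when separate == true
    final boolean separate;
    int propertySyncs, membershipSyncs;

    LastSyncedModel(boolean separate) { this.separate = separate; }

    static boolean expired(long last, long expiry, long now) {
        return now - last >= expiry;
    }

    /** One sync attempt at time 'now' (milliseconds since the user was first synced). */
    void sync(long now) {
        if (!expired(lastSynced, USER_EXPIRY, now)) {
            return; // membership is only looked at as part of a user sync (compare OAK-3274)
        }
        propertySyncs++;
        long membershipStamp = separate ? membershipLastSynced : lastSynced;
        if (expired(membershipStamp, MEMBERSHIP_EXPIRY, now)) {
            membershipSyncs++;
            membershipLastSynced = now;
        }
        lastSynced = now; // with a shared stamp this also restarts the membership clock
    }

    static LastSyncedModel run(boolean separate) {
        LastSyncedModel m = new LastSyncedModel(separate);
        // Constructed workload: one sync attempt every 10 minutes for 24 hours.
        for (long t = USER_EXPIRY; t <= TimeUnit.HOURS.toMillis(24); t += USER_EXPIRY) {
            m.sync(t);
        }
        return m;
    }

    public static void main(String[] args) {
        for (boolean separate : new boolean[] {false, true}) {
            LastSyncedModel m = run(separate);
            System.out.printf("separate stamp=%b: property syncs=%d, membership syncs=%d%n",
                    separate, m.propertySyncs, m.membershipSyncs);
        }
    }
}
```

With the shared timestamp the membership branch is never taken, because each property sync moves the stamp forward before an hour can elapse.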
